MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b14e5a1ad047c1a208a7d5f8b3d9b527b451565b3c47ff8968a733a64ed9eab6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b14e5a1ad047c1a208a7d5f8b3d9b527b451565b3c47ff8968a733a64ed9eab6
SHA3-384 hash: f9edbd0dae27d8ce257572422ee142d81dce8359c89e1cd3871a717cf5249604a74801d2bf961663394bf44418d9994e
SHA1 hash: 53eba5c546039ecd40123361f34b9c11fa2bf734
MD5 hash: d2f432f30d73d6c7ebc4a3004e641e9e
humanhash: football-lion-uncle-monkey
File name:New Order 76542 PDF.rar
Download: download sample
Signature NanoCore
Create hunting rule
File size:909'431 bytes
First seen:2021-02-09 10:05:41 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:7+KynoJevldVz0tUgHNux7hsCSVxkgJcAE8u:7+Kq3Vz0tUy2sFZG
TLSH 141533021C4684D5FCFC26BE9DE3C9BF9ED6B552232064D26D736CB998CE1046F284B9
Reporter abuse_ch
Tags:NanoCore rar RAT Yahoo


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: sonic301-31.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.129.230
From: Ibraham Hassan <ibrahamhassan27@yahoo.com>
Subject: February Order
Attachment: New Order 76542 PDF.rar (contains "New Order 76542 PDF.exe")

NanoCore RAT C2:
ammagedom.ddns.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b14e5a1ad047c1a208a7d5f8b3d9b527b451565b3c47ff8968a733a64ed9eab6/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wfhfugwqi7a2ecfh2x4lhwnve62fcvs3hrd77cliu4z2mtwz5k3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b14e5a1ad047c1a208a7d5f8b3d9b527b451565b3c47ff8968a733a64ed9eab6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar b14e5a1ad047c1a208a7d5f8b3d9b527b451565b3c47ff8968a733a64ed9eab6

(this sample)

NanoCore

Executable exe 72a76728e56304e0d34e9f9512e20e8cc330376ac0d099862920cb003d161acc

  
Dropping
MD5 b0e705ed054b12a16d039218250e2c1d
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 72a76728e56304e0d34e9f9512e20e8cc330376ac0d099862920cb003d161acc

Comments