MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2d8c194f41ea49732277b5bf84381bc5eb1dc549b9b64b51d9361f803c8174a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	c2d8c194f41ea49732277b5bf84381bc5eb1dc549b9b64b51d9361f803c8174a
SHA3-384 hash:	10d5b0dcde3aa0eb98b56e6b4917e8caaacb90df7298cf87c2c00f47e6eac30182a036bedbcee760deaf47c604a234b2
SHA1 hash:	163a69396b5028ea9c22eb613550ecd350ba17f2
MD5 hash:	2206996a51f8a822567a0e93fbe995d1
humanhash:	music-princess-queen-maine
File name:	Bestätigung der Bankverbindung,pdf.zip
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	458'496 bytes
First seen:	2020-10-26 15:50:03 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:3QnA16kyhPX2XGNaz1Mdd+neXFl6yfO9Kk:3QA01ddN1dd+n0Ftlk
TLSH	5AA423CE933E77512572A58A0D4F3A826A30C30E7B65C3491E16B0CFAC079FF64AD566
Reporter	abuse_ch
Tags:	DEU geo NanoCore RAT zip

abuse_ch

Malspam distributing NanoCore:

HELO: mail.nipponcarsrl.com.ar
Sending IP: 200.114.86.103
From: Patrick Hoover <info3@sitema.de>
Subject: BANK DETAILS
Attachment: Bestätigung der Bankverbindung,pdf.zip (contains "Bestätigung der Bankverbindung,pdf.exe")