MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4bae8acd46c893438a19d42f203874adad799fb6fd691cd39738e57c88564bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	c4bae8acd46c893438a19d42f203874adad799fb6fd691cd39738e57c88564bd
SHA3-384 hash:	5a68707a47820d4a332cc0e83a5e490d4cc066ad91eb528fdfd352b87bafdb88300c40356337b82d84506898bec34d98
SHA1 hash:	3b0f387a523521c911c7c4f998c550bb065ee96b
MD5 hash:	2178f3a3d89d50a3254b95b045db9975
humanhash:	enemy-lion-mike-april
File name:	PROOF OF PAYMENT.IMG
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	1'376'256 bytes
First seen:	2020-10-12 14:42:16 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:pMOLKBiH6Ot9KjbbHh3Z8Ci6b0+a2QL4x5LAc15VuY6dMuBiiWmneqgIiq/N:jLgqTkbH8e0+a2Ac15VuY6nINVqF
TLSH	7E55E02127E85F8AE17E8BF5026411A017F93A2B346EE20D3DCA25EF5B74F814651B73
Reporter	abuse_ch
Tags:	img NanoCore RAT

abuse_ch

Malspam distributing NanoCore:

HELO: bronbergwisp.dedicated.co.za
Sending IP: 197.242.156.206
From: payment@santa-laurensia.com
Reply-To: don4eyo@gmail.com
Subject: PROOF OF PAYMENT
Attachment: PROOF OF PAYMENT.IMG (contains "PROOF OF PAYMENT.exe")