MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5efdbc2a6d953fd1612b40a55bf249fa3f7fdcf35e294638720d86632ae9181. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: c5efdbc2a6d953fd1612b40a55bf249fa3f7fdcf35e294638720d86632ae9181
SHA3-384 hash: 68429a275258d42e2b7f3a322d18feaa36c977875f3976badb059a73013f240b04f4409e95dc556f54d1e1aa15c5f9e7
SHA1 hash: 51a0727eae7806c7ecd13d6b9d41e3ce6e0c1971
MD5 hash: 88758992efff87c6821a2d16e2688f39
humanhash: twelve-venus-fish-muppet
File name: BFSV-1FN_1B-8B_ANSI.cab
Signature: NanoCore
File size: 347'774 bytes
First seen: 2021-01-06 16:10:24 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:hEsR97DumJ5vFKfhAINpIUvHFulRc0g22LEEPktUOfiCeV1Pl:hjXumJdFYhAIrIUvF2xBEEmktfBeVRl
TLSH: 487423F34187D6AD835920137F4AD30F209A459F2D6FCCBD27C8A534B9BF28698A4643
Reporter: abuse_ch
Tags: cab NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: mail-smail-vm73.hanmail.net
Sending IP: 211.231.106.67
From: Sam Xia <kinews@hanmail.net>
Subject: Re: Re: Re: NEW project for FIRE HYDRANT on CMCS003 LOA
Attachment: BFSV-1FN_1B-8B_ANSI.cab (contains "BFSV-1F(N)_1B-8B_ANSI.exe")

NanoCore RAT C2:
45.138.49.96:1759

Intelligence


File Origin
# of uploads: 1
# of downloads: 251
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-06 09:56:19 UTC
AV detection: 10 of 46 (21.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

cab c5efdbc2a6d953fd1612b40a55bf249fa3f7fdcf35e294638720d86632ae9181 (this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
