MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9af82f775d5e1c325523f1506838d143917da1c8dce8c6cec5ba63eda853ad9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 2



SHA256 hash: c9af82f775d5e1c325523f1506838d143917da1c8dce8c6cec5ba63eda853ad9
SHA3-384 hash: 3037215ee5f16bd93595d6f7c5c8a0917fdff58db2bf09687c0dba631fab125fdb62a52bd6b6145ddc11288a35bcb9d5
SHA1 hash: ef3472ce8f8f25a60ff033d9172a28a302ca25b6
MD5 hash: 95c7add5c0f58236360f1d4ab27a70fa
humanhash: monkey-failed-football-moon
File name: RFQ_Report_19757_pdf____.iso
Signature: NanoCore
File size: 958'464 bytes
First seen: 2021-01-30 19:44:56 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:N7jwqBTq512x8KMVo8QSHrUWlo9gihUy+G9042Hloeoumc7cJSG:ZjToIsYSHr5lUgc+Gz+sc7c1
TLSH: 1915F1C0308488E7FBB5873270972A2B53225FA5187AA84F35BF765A4B7B4D3501B71E
Reporter: abuse_ch
Tags: iso NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: logicoverdrive.org
Sending IP: 173.212.213.220
From: AHMED Khalid Mortadha <anna@findaproperty.gi>
Subject: Fwd: RFQ 18757 FOR CPUW-1022601 GASKET
Attachment: RFQ_Report_19757_pdf____.iso (contains "RFQ_Report_19757_pdf____.exe")

NanoCore RAT C2:
mimi1234.duckdns.org:5090

Intelligence


File Origin
# of uploads: 1
# of downloads: 185
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso c9af82f775d5e1c325523f1506838d143917da1c8dce8c6cec5ba63eda853ad9 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
