MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd80bff2752b84f6bc88e43eb91fc0d7f9798d00df971aadd4c4c272b0aa55e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: cd80bff2752b84f6bc88e43eb91fc0d7f9798d00df971aadd4c4c272b0aa55e9
SHA3-384 hash: 13e1a7b58c1b3cc8032a319ff7a592ca8a32106568a4ea16a09688b3a78a27304e11a5bc71305fdd5e359ed132ed794a
SHA1 hash: 8e75afd9588b120ff992ffe98818611460898df8
MD5 hash: 62b54f5ef2cc02e03ad851f7f1714a97
humanhash: connecticut-hotel-west-apart
File name: ORDER PMX-PT-2001 STOCK+NOVO.zip
Signature: NanoCore
File size: 628'698 bytes
First seen: 2020-11-26 08:48:43 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ebx9I+wPqvj3ng0fLRc1S58ksaXJQp43jMYrr188gbkFXtrFJ1rn2v4rVd4:ebk5Pq7QQc1pqXJ0kjByF0FJMvWd4
TLSH: 62D423D27A771FB6A61C127F0D8C8E528BF12CD52B3790A6C4C842E19D9DCB1F2286D5
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: [45.15.143.160]
Sending IP: 45.15.143.160
From: Veronica Martin <veronica.martin@vitrabypavilion.com>
Subject: PAVILION - ORDER PMX-PT-2001 STOCK+NOVO
Attachment: ORDER PMX-PT-2001 STOCK+NOVO.zip (contains "ORDER PMX-PT-2001 STOCK+NOVO.exe")

NanoCore RAT C2:
nanopc.linkpc.net:40700

Intelligence


File Origin
# of uploads: 1
# of downloads: 205
Origin country: n/a

Vendor Threat Intelligence
Result: Gathering data
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-26 08:49:04 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip cd80bff2752b84f6bc88e43eb91fc0d7f9798d00df971aadd4c4c272b0aa55e9 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
