MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd90eab5c964cad9b377fa11e541df36d215eaf724b8c57af48e15f674897e7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd90eab5c964cad9b377fa11e541df36d215eaf724b8c57af48e15f674897e7a
SHA3-384 hash: bba6e24bf291659f283a7d2ba524b507749681e13b2e0abecfebc311d79e66c66903e28ef3050e6bb76833e39b59b050
SHA1 hash: 8b02b17d578c27938e4c80eb90fd4ac531cfb328
MD5 hash: 535ab651f6a6057c6792b25b4517c8d7
humanhash: romeo-illinois-wolfram-hydrogen
File name:scanned.rar
Download: download sample
Signature NanoCore
Create hunting rule
File size:408'209 bytes
First seen:2020-08-10 11:50:52 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:DfURsHfMy4izht2peN1jyWen0hixE/Cyl1K4TkSF57Bbjz8DPMTck:4RGHttQiJbhicXL7oSF57B78zkck
TLSH DD942361B2BB5DD0B6AFD40FFDC546652933A6851CAA639083FE90CF0B75082B1056EE
Reporter abuse_ch
Tags:NanoCore rar RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: slot0.yougurnu.com
Sending IP: 104.168.172.35
From: info@yougurnu.com
Subject: FW: RE: R29011CA !! Please reply ASAP
Attachment: scanned.rar (contains "scanned.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd90eab5c964cad9b377fa11e541df36d215eaf724b8c57af48e15f674897e7a/
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-08-10 11:52:17 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zwiovnojmtfntm3x7ii6kqo7g3jbl2xxes4mk6xuryk7m5ejpz5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cd90eab5c964cad9b377fa11e541df36d215eaf724b8c57af48e15f674897e7a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar cd90eab5c964cad9b377fa11e541df36d215eaf724b8c57af48e15f674897e7a

(this sample)

NanoCore

Executable exe eb29cff78bd1361ba91bcc9abfba066afe030631bffbb0690a6ac9f407a4b5b6

  
Dropping
MD5 a8afecd9d10dbaa715872ff1f0d24e23
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eb29cff78bd1361ba91bcc9abfba066afe030631bffbb0690a6ac9f407a4b5b6

Comments