MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d008daaa28b47e93f1bd5c690e23f1194464d38875ed5ff9b548d200100ad34b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: d008daaa28b47e93f1bd5c690e23f1194464d38875ed5ff9b548d200100ad34b
SHA3-384 hash: 8babd0ce41076e106945fdb18d04af15252bd439d71c96261c463b4c5d6adfa810feb49302790e002a59c8a33a29a02c
SHA1 hash: 7eade9d23f35b1b60289a585fd34adf79679db06
MD5 hash: 079e7e9e3b8cbe85d523d6b37956dbe2
humanhash: tango-romeo-finch-pasta
File name: SOA copy.pdf.z
Signature: NanoCore
File size: 816'215 bytes
First seen: 2020-11-05 18:50:56 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 24576:ktJ6N7mICqZA464WY3O6ufLLREaF8GjxI0I3WOx219:kE7FZTWY3MAGjxLI3JA
TLSH: 0C05235726001F5E8673BA3C8767F4F990913F1FBF4923196F069469C8827DA89CE2B1
Reporter: abuse_ch
Tags: NanoCore RAT z


abuse_ch
Malspam distributing NanoCore:

HELO: derbywineestates.com
Sending IP: 70.32.86.63
From: PAYMENT GENERAL <jeouwoai87@gmail.com>
Subject: SOA FOR THE MONTH OF OCTOBER 2020
Attachment: SOA copy.pdf.z (contains "SOA copy.pdf.exe")

NanoCore RAT C2:
delightson.ddns.net

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-11-05 16:54:37 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

z d008daaa28b47e93f1bd5c690e23f1194464d38875ed5ff9b548d200100ad34b

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments