MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d457d8dc5792eb1d1433b4a1ae5aa094e287d0d7097cec4477b9cbc00add51ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: NanoCore
Vendor detections: 5

SHA256 hash: d457d8dc5792eb1d1433b4a1ae5aa094e287d0d7097cec4477b9cbc00add51ba
SHA3-384 hash: 8088797c092957e51f40f1141bbb6b66678d0b56b5f27713965484c2aea4e9ac200563b8cfeff7f6148b9244c0ea4f51
SHA1 hash: e538c7a506eba30002ec2abbbd562890994410c1
MD5 hash: c38fa182f39580d42af7b62ecc10a079
humanhash: purple-west-salami-wolfram
File name: CN-Invoice-XXXXX9808-19011143287990.iso
Signature: NanoCore
File size: 247'808 bytes
First seen: 2021-02-19 07:02:56 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 1536:wAT5CPKEBolfpKjCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCXCCCCCCI:KPbolfIpmRZtBs
TLSH: 6D3466DE02F1105FE11945B4A999EFE01961ECB8BB62C215BD44FCCEBF723E154622E2
Reporter: abuse_ch
Tags: FedEx iso NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: [192.188.88.227]
Sending IP: 192.188.88.227
From: FedEx Express - Do Not Reply <Carrie.Park@expeditors.com>
Reply-To: nopeply-fedeoxngr@iname.com
Subject: [CN]: FedEx Invoice 账单 (CustomerAccount -XXXXX9808-19011143287990)
Attachment: CN-Invoice-XXXXX9808-19011143287990.iso (contains "CN-Invoice-XXXXX9808-19011143287990.exe")

NanoCore RAT C2:
nanopc.linkpc.net:50005 (185.157.161.86)

Intelligence

File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Backdoor.Heracles
Status: Malicious
First seen: 2021-02-19 05:25:09 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: NanoCore
Sample: iso d457d8dc5792eb1d1433b4a1ae5aa094e287d0d7097cec4477b9cbc00add51ba (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments