MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d65832de37d18dab14860890171cefb6b30eb62b4e5b2065373f813a0a04ec05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: NanoCore
Vendor detections: 4



SHA256 hash: d65832de37d18dab14860890171cefb6b30eb62b4e5b2065373f813a0a04ec05
SHA3-384 hash: fba7225ceb684a3bcd1b5fe9be88be29f73dd1a24825411984f5d91868f4da04f5f67752bd7b9cf08624ca2f2c33240a
SHA1 hash: aad7ff1b76591777dd1731753a16988a080c4697
MD5 hash: 334cfdca49fdb72b6b3107bec9c8e229
humanhash: ohio-hamper-kentucky-glucose
File name: DHL_231410 receipt document,pdf.iso
Signature: NanoCore
File size: 1'206'272 bytes
First seen: 2021-02-09 18:55:35 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:ES/+Z7zQ7+Xlwo7/UT8C4mVyE80jFl+wBYBXkC:ES/GzQ7qvNR3eHUX
TLSH: 5E4535E4EDA1E131F95476F2D6BE9370452E2C215B61AD0E3628338A1A732CDC5D3ED2
Reporter: abuse_ch
Tags: DHL iso NanoCore RAT


Comment by abuse_ch:
Malspam distributing NanoCore:

HELO: mail2.alfaspeedy.com
Sending IP: 161.35.226.67
From: DHL Express Cargo <delivery@dhl.com>
Subject: RE: DHL CARGO DELIVERY
Attachment: DHL_231410 receipt document,pdf.iso (contains "DHL_231410 receipt document,pdf.exe")

NanoCore RAT C2:
insidelife1.ddns.net:2021

Intelligence

File Origin
# of uploads: 1
# of downloads: 152
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-09 15:36:12 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: NanoCore, iso d65832de37d18dab14860890171cefb6b30eb62b4e5b2065373f813a0a04ec05 (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments