MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8ae438c72ffdbd7bfbabf6dbb6bd5d82402654dab91e993e852b2bfa49d7a6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 2



SHA256 hash: d8ae438c72ffdbd7bfbabf6dbb6bd5d82402654dab91e993e852b2bfa49d7a6d
SHA3-384 hash: 464365838d9bf1fe21bb608b028ee5237a8c00d38ac81dcc24fb2dafe54eb0a1f39209d909b84b5f9971b2e3959bff38
SHA1 hash: d4a50bd58a6d3844be7df60df7e9065c1364eb35
MD5 hash: 0cb2a78ae0200fa3fb4d49ef3f694595
humanhash: east-artist-foxtrot-network
File name: Product Needed.z
Signature: NanoCore
File size: 514'431 bytes
First seen: 2020-05-25 08:46:49 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:2s9h3D0bAbZWcOIYb98S4eK7FTxYvawUSOTwmuw:28hGAbdOiFtYvawU0mT
TLSH: 82B42337E0CDA66BA416C81079EB813D946C0A2622BCDC4F6293F8FD172F113DE46D92
Reporter: abuse_ch
Tags: NanoCore RAT z


abuse_ch
Malspam distributing NanoCore:

HELO: mail-40132.protonmail.ch
Sending IP: 185.70.40.132
From: Jeffpezoz770 <Jeffpezoz770@protonmail.com>
Reply-To: Jeffpezoz770 <Jeffpezoz770@protonmail.com>
Subject: Re: product catalog
Attachment: Product Needed.z (contains "Product Needed.scr")

NanoCore RAT C2s:
latestspyhostincsub.hopto.org:62830 (129.56.27.198)
alilatestspyhost.ddns.net:62830 (129.56.27.198)

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 09:36:17 UTC
File Type: Binary (Archive)
Extracted files: 296
AV detection: 17 of 30 (56.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

z d8ae438c72ffdbd7bfbabf6dbb6bd5d82402654dab91e993e852b2bfa49d7a6d

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
