MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db5b94e37f04f66d61ebf7725a9f4514a2b6dfb925ec94d5fd26f2934f739d46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: db5b94e37f04f66d61ebf7725a9f4514a2b6dfb925ec94d5fd26f2934f739d46
SHA3-384 hash: f88fcb497939c520b3f4daaaa9d9e8a36e536a7b4dbe1cf874d566d9687e7b73c7146a522f69c9b8b09913b61504e167
SHA1 hash: 7168621b433e3fb2602526474737e177d81e804f
MD5 hash: 6ab4212bc719f110e087114d6e439c3b
humanhash: blossom-nine-wyoming-high
File name: INVOICE COPY.lzh
Signature: NanoCore
File size: 973'184 bytes
First seen: 2020-08-17 08:04:06 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:P+y87ZXx+FJ9Z4AvtZDmeLqxi5OdC+T9kErX+GZl:WV9x+/92mGP/TFuUl
TLSH: 6E25331979E6128E70B5E302B3F34B68534F5B9117CFABC19305031BA3AD9B58B6A3C1
Reporter: abuse_ch
Tags: lzh NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: [50.3.177.69]
Sending IP: 50.3.177.69
From: aleksandr@vestholding.com
Subject: RE: REQUESTING DISCOUNT
Attachment: INVOICE COPY.lzh (contains "INVOICE COPY.pdf.exe")

NanoCore RAT C2:
bbshp.giize.com:9301 (104.255.168.249)

Intelligence


File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoBot
Status: Malicious
First seen: 2020-08-17 08:06:06 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar db5b94e37f04f66d61ebf7725a9f4514a2b6dfb925ec94d5fd26f2934f739d46

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
