MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df4b6e0ed32d4879c68bb3b7c7ec5c401d6645b7082a05ff3e4cbc9d3b5ae052. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: df4b6e0ed32d4879c68bb3b7c7ec5c401d6645b7082a05ff3e4cbc9d3b5ae052
SHA3-384 hash: 0ad57ed1fe8dd3a1dd1b249aadf21a4c629d01cd3c7617698b5ac2c5c5ea51bfe8e3835637e93f1ea6b5fb510a84ab89
SHA1 hash: 93e7e3f1727991c4900af1e078c8832ea1d7dd27
MD5 hash: 8614a6c14b396083dc739b51f167d9fc
humanhash: eight-low-fruit-magnesium
File name: Update on Stamp Duty Charges on
Signature: NanoCore
File size: 292'173 bytes
First seen: 2020-06-30 13:20:28 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:eH6VfGryaFI55X8tgGV2F5QRnPTevp90aLK7eAXKS8HUJeq4dH9Hfa5XnS3vPG4x:eH6VfGuai58OGV2wJTciwjAXZ8HUJoHX
TLSH: DF54237E802634A9DB980ABC28BED4C6EDDCB0FE2717793859C7FA4F1A200C5294DD55
Reporter: @abuse_ch
Tags: NanoCore, RAT, zip

Malspam distributing NanoCore:

Sending IP:
From: Paga comms <>
Reply-To: Paga <>
Subject: Update on Stamp Duty Charges on paga
Attachment: Update on Stamp Duty Charges on (contains "Update on Stamp Duty Charges on Paga.pdf.scr")

NanoCore RAT C2:


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 32
Origin country: FR
CERT.PL MWDB Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Genkryptik
  First seen: 2020-06-30 13:22:05 UTC
  AV detection: 26 of 48 (54.17%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information

The table below shows additional information about this malware sample such as delivery method and external references.



zip df4b6e0ed32d4879c68bb3b7c7ec5c401d6645b7082a05ff3e4cbc9d3b5ae052 (this sample)

Delivery method: Distributed via e-mail attachment