MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e87dcc786e6f0b3e0624cdf93415f8f60bbc957ad6c00458941496fe95f4afd2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: e87dcc786e6f0b3e0624cdf93415f8f60bbc957ad6c00458941496fe95f4afd2
SHA3-384 hash: 2e50d267fc6f2b0f6e5a4a3a1cd29ea0a41aff6bd6c0c10bcec833e4ae8a1a137f3e5e3d7359c493bac9b2b2a616e946
SHA1 hash: 567db0d1c43fea8276037db28aebf4fbd382336a
MD5 hash: 3080daec16c08af80e0c8658b63231c4
humanhash: beryllium-echo-batman-white
File name: 894H-2CH-F-C G03 6VDC.gz
Signature: NanoCore
File size: 598'436 bytes
First seen: 2020-10-20 14:58:07 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:v5VRebdoGaHASBsk+SarbEP5vcxxq8uNUtYGdxrqIynVmikOO:vpQyGjSaUP9QxZiUVdUIynsia
TLSH: 9BD4238688027F73F5899DE68C7AE91D00CB05F3390EE536FF794046BA02645AED52B7
Reporter: abuse_ch
Tags: gz, NanoCore


abuse_ch
Malspam distributing NanoCore:

HELO: vps.pantin-hoes.com
Sending IP: 45.95.169.163
From: SBS Steel <info@steelbeltsystems.it>
Subject: Local-PO#170460 //Mro-Tek EO158777
Attachment: 894H-2CH-F-C G03 6VDC.gz (contains "894H-2CH-F-C G03 6VDC.exe")

NanoCore RAT C2:
petroleum.sytes.net

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Ransomware.HiddenTear
Status: Malicious
First seen: 2020-10-20 12:42:33 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

gz e87dcc786e6f0b3e0624cdf93415f8f60bbc957ad6c00458941496fe95f4afd2 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
