MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1f56fcaf231eba3ae5b6d0ae76f9e47713ff743daa96a19cf8c6e5e58fda407. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: f1f56fcaf231eba3ae5b6d0ae76f9e47713ff743daa96a19cf8c6e5e58fda407
SHA3-384 hash: 73dd6ee41d6f2d01ea9a3d98db7dab9952e4fc3948be4c3bb3b0589972eee716a4ccba66fe7282d670b8a76c998d0612
SHA1 hash: cd5d357145dc71065c3461910dbed62008f2bd64
MD5 hash: aac677a5f4a97e0b2d63243c129cfea0
humanhash: colorado-seventeen-wyoming-lake
File name: Bank_Transfer_8312020,pdf.zip
Signature: NanoCore
File size: 704'533 bytes
First seen: 2020-08-31 12:56:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:FWVc7Q4keeIZt7ZqqM9B2d7vb7KJ6Jtctu68aOPsOhKkXhyzbtlTpDNKB45m7QgF:FB5ZJchgb7KJ6JqsHPsuXUbtlIUgL9sM
TLSH: 76E423272D89DD9FE3F386944CCEAD886962195DB42A3851519C31831F6AF8F807FA1C
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: web72.smartstrategies.gr
Sending IP: 88.99.208.204
From: Mahendra Khadayate <mkhadayate@timetechnoplast.com>
Subject: Payment Ref
Attachment: Bank_Transfer_8312020,pdf.zip (contains "Bank_Transfer_8312020,pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 186
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-31 03:12:37 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip f1f56fcaf231eba3ae5b6d0ae76f9e47713ff743daa96a19cf8c6e5e58fda407

(this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
