MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2335d29931aab1ecc92eb76a24607223baa82b55f8af20e1f67f6f98971407e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore
Vendor detections: 3

SHA256 hash: f2335d29931aab1ecc92eb76a24607223baa82b55f8af20e1f67f6f98971407e
SHA3-384 hash: 5a2ae346cb7ee8c8625814c355bcbb5677e5e8074e218bdebc9b8bb7e95ed682de32917a303382d8d857cb838f6bd9fa
SHA1 hash: 683b315c8f26af6afa2f72b7b550316337fec9f5
MD5 hash: 96be5f63908a2fd1498cc7f68c78e99a
humanhash: michigan-alanine-mobile-pluto
File name: POAWB130501923096PDF.zip
Signature: NanoCore
File size: 325'284 bytes
First seen: 2020-06-12 06:38:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:rWAVaIBlLy7T9Jr82e2EgysgXPcZXfpAbDALSYxOhHEynAp6tX:rWBIBepdTEgyaXfmxYxInAM1
TLSH: 196423E20BB2B473D5BF414052FB07DDE7DEDA391F4EC26E580C6649525889B1F2E980
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: WIN-KP3NFSDUTC3
Sending IP: 172.93.161.29
From: Guangzhou Grand Auto Parts Co.,ltd <autoparts@gzgrand.com.cn>
Reply-To: brianlee0147@yahoo.com
Subject: 回覆:Re: Request for PI
Attachment: POAWB130501923096PDF.zip (contains "PO#AWB130501923096PDF.exe")

NanoCore RAT C2:
shamimaquize.ddns.net:5678

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-12 06:40:08 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  NanoCore
    zip f2335d29931aab1ecc92eb76a24607223baa82b55f8af20e1f67f6f98971407e (this sample)
      Dropping: NanoCore

Delivery method: Distributed via e-mail attachment
