MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9966889f1fa85b29d5c0f252d60f64195aba794bffebcb73f3c5a617ed0faae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9966889f1fa85b29d5c0f252d60f64195aba794bffebcb73f3c5a617ed0faae
SHA3-384 hash: 997a6a359fddd87c3b49da26ba81596e17e61dbde72ec1c9f1e8544079b1e7b668fc6edfbf5d003bb19020b4dafc8ef2
SHA1 hash: 619994ff9dfe58356bc943cafafa0a13fa894b33
MD5 hash: fe76de0747ddc5b47817c871dc947793
humanhash: potato-bakerloo-five-seven
File name:Doc6620200947535257653.iso
Download: download sample
Signature NanoCore
Create hunting rule
File size:5'531'648 bytes
First seen:2021-01-12 16:54:56 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 98304:EfAG/Q0IRjCdGmZFT4nNSOJPtbFEG219YgQA2XNBe6/BBwM5q7HjQ5hZLbQh+B6j:EfA6tGm7T4nB+G219jQAABeIaMI7DQ5s
TLSH 894612CAD7E1594BD12421F55949EAA80311FCF93A52C228BA04FCDDBF333E19C5A2E5
Reporter abuse_ch
Tags:Hostwinds iso NanoCore RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: hwsrv-816834.hostwindsdns.com
Sending IP: 192.119.66.34
From: Purchase <purchase@arabico.ae>
Subject: URGENT QUOTATION - arabico company dubai
Attachment: Doc6620200947535257653.iso (contains "Doc#6620200947535257653.exe")

NanoCore RAT C2:
annapro.linkpc.net:2212 (105.112.106.128)

Intelligence

File Origin
# of uploads :
1
# of downloads :
180
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1729.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9966889f1fa85b29d5c0f252d60f64195aba794bffebcb73f3c5a617ed0faae/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-12 10:20:36 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7glgrcpr7kc3fhk4b4ss2yhwigk2xj4ux77lznz7hrngc7wq7kxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f9966889f1fa85b29d5c0f252d60f64195aba794bffebcb73f3c5a617ed0faae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso f9966889f1fa85b29d5c0f252d60f64195aba794bffebcb73f3c5a617ed0faae

(this sample)

NanoCore

Executable exe 96cdf96daea9002d2dcf31e5d37b7df4942ef6085209df1f6b269b9baca3e40a

  
Dropping
MD5 6618b8298100d5fb25d23b498a33d492
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 96cdf96daea9002d2dcf31e5d37b7df4942ef6085209df1f6b269b9baca3e40a

Comments