MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcd6339b39c526477e39809fa151991e8e864beec5110a950ae7bbe61a00a99f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: fcd6339b39c526477e39809fa151991e8e864beec5110a950ae7bbe61a00a99f
SHA3-384 hash: c43cfdc1d8b940c835f1df8050fa5ecba486d0f0b01b7dbda473de8ebfb7baeb221dd0358bf3e27c8a209ad47de4227e
SHA1 hash: 19f1b397a75457452a47bebdfdcd9a31a201b029
MD5 hash: d2201ae444a97bece62745c7292a8564
humanhash: carbon-dakota-undress-nineteen
File name: DHL AWB TRACKING DETAILS.PDF.z
Signature: NanoCore
File size: 318'560 bytes
First seen: 2021-02-27 12:48:30 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:49DqrH7mZe/qyhTL5LMgZwKbDr6xjnI0tGm572uemjAspIaAQTAYWRkme/6uY2j3:8QyZe/xL/eAmt22AAkYWRkm1R2jljN
TLSH: BC64237EC42D285A747020B0782F5C6F6181C492085EFED27C4A6A54B63361F9E6DFDE
Reporter: abuse_ch
Tags: DHL NanoCore RAT z


abuse_ch
Malspam distributing NanoCore:

HELO: rdns0.15thbonpertyjoo.tk
Sending IP: 92.53.107.24
From: DHL OFFICE <info@15thbonpertyjoo.tk>
Subject: DHL Delivery Failed victim-email
Attachment: DHL AWB TRACKING DETAILS.PDF.z (contains "DHL AWB TRACKING DETAILS.exe")

NanoCore RAT C2:
chinomso.duckdns.org

Intelligence


File Origin
# of uploads: 1
# of downloads: 132
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.SpyNoon
Status: Malicious
First seen: 2021-02-27 12:49:06 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

z fcd6339b39c526477e39809fa151991e8e864beec5110a950ae7bbe61a00a99f (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
