Security Advisory: Email delivery of Nanocore RAT

December 10, 2019

This advisory details a recent security incident detected by one of our deployed security operations teams, which relates to malware distribution by email.

An email containing an attached malware executable was sent to three user accounts. The malicious attachment contained a single disk image (.img) file, inside of which was a Windows Portable Executable (PE) binary. It was identified by Windows Defender, but was not highlighted by Office 365 Advanced Threat Protection.

For detailed analysis of the delivered malware, see our blog.

Alternatively, get in touch if you’d like to chat to us.

Malware Details

Filename: Recent Invoice.img
Targeted OS: Windows NT 32-bit
SHA-256 Hash: 942473d08b97bd32b38cdbd4d598e6af509881493785770a3d1c513f8e6d8ca6
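
A triage check for the delivery chain described above, as an added example that is not part of the original advisory: it hashes each attachment of a message, compares it with the SHA-256 listed under Malware Details, and flags disk-image attachments that carry a PE header. The function names, the extension list and the sample message are assumptions made for illustration, and the scan assumes the image stores its files uncompressed.

```python
import hashlib
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

# SHA-256 from the advisory's "Malware Details" section.
ADVISORY_SHA256 = "942473d08b97bd32b38cdbd4d598e6af509881493785770a3d1c513f8e6d8ca6"
IMAGE_EXTENSIONS = (".img", ".iso")  # assumption: container types worth flagging

def has_embedded_pe(blob: bytes) -> bool:
    """True if any 'MZ' header in blob has an e_lfanew pointing at a PE signature."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            if blob[pos + e_lfanew : pos + e_lfanew + 4] == b"PE\x00\x00":
                return True
        pos = blob.find(b"MZ", pos + 1)
    return False

def triage_message(raw: bytes) -> list[dict]:
    """Return one finding per attachment in an RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        findings.append({
            "filename": name,
            "sha256": digest,
            "disk_image": name.lower().endswith(IMAGE_EXTENSIONS),
            "embedded_pe": has_embedded_pe(data),
            "ioc_match": digest == ADVISORY_SHA256,
        })
    return findings

def build_sample() -> bytes:
    """Constructed test message: a fake .img holding only PE header bytes."""
    stub = bytearray(0x80)
    stub[0:2] = b"MZ"                         # DOS header magic
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\x00\x00"           # PE signature
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"\x00" * 2048 + bytes(stub), maintype="application",
                       subtype="octet-stream", filename="sample.img")
    return msg.as_bytes()
```

A finding with both disk_image and embedded_pe set is worth escalating even when ioc_match is false, since a repackaged sample will not share the advisory's hash.
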
Cyber Lab