MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a65f8ed154f56e3a4eecd9d577f7cd52a9528f700f550c545a1830162e6f44e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a65f8ed154f56e3a4eecd9d577f7cd52a9528f700f550c545a1830162e6f44e9
SHA3-384 hash: 244fd94af13ee55f83d790176a1cdfa8a21d42d2c71712f6cdbbbba12f4018f9f63f81f169ae6ea73f23b116ada3843f
SHA1 hash: 86687a9ac17d0bf53b4d9bbbe3ee951f0dba7753
MD5 hash: 4ce6c9b44a5d9c995929bdde7049e1b3
humanhash: georgia-pluto-apart-mexico
File name:STATEMENT OF ACCOUNT.r00
Download: download sample
Signature NanoCore
Create hunting rule
File size:551'936 bytes
First seen:2020-09-02 05:02:12 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:yU1ORckUwFXCDxeyfcNUR1VsJNH6Lczcu5mtwwReD7U9L0:BOOkTI1jfcGsD6LczmtwwRX0
TLSH 1EC423DA5B53BAEB84AEB59257F0CCC6C45F315D4DD542D820C0BE9F68EE5E880083CA
Reporter cocaman
Tags:NanoCore r00


Avatar
cocaman
Malicious email
From: "irfan" <irfan@alasateen.com>
Received: from alasateen.com (unknown [185.222.57.241])
Date: 01 Sep 2020 21:05:58 -0700
Subject: RE: STATEMENT OF ACCOUNT
Attachment: STATEMENT OF ACCOUNT.r00

Intelligence

File Origin
# of uploads :
1
# of downloads :
194
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a65f8ed154f56e3a4eecd9d577f7cd52a9528f700f550c545a1830162e6f44e9/
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-09-01 20:31:13 UTC
File Type:
Binary (Archive)
Extracted files:
410
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uzpy5uku6vxdutxm3hkxp56nkkuvfd3qb5kqyvc2daybmltpituq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a65f8ed154f56e3a4eecd9d577f7cd52a9528f700f550c545a1830162e6f44e9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

r00 a65f8ed154f56e3a4eecd9d577f7cd52a9528f700f550c545a1830162e6f44e9

(this sample)

NanoCore

Executable exe 9f1d012b4136a91214c631157c3ecba83c82ada463184fc05eaa7ef44a008b57

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9f1d012b4136a91214c631157c3ecba83c82ada463184fc05eaa7ef44a008b57
  
Dropping
NanoCore

Comments