MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af0924561044314e9cd2c7d1fb13179325b918b4719cd0d786fc567ea5688b4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af0924561044314e9cd2c7d1fb13179325b918b4719cd0d786fc567ea5688b4d
SHA3-384 hash: ac208e81b5fc5ab7434eebe9e102f41f869754f5ec8f71180709116d59beced051b54fb7289cabf7bf5d03611e4e58b1
SHA1 hash: 33078706fd9a46f71075e813d5d14319a29f2cc5
MD5 hash: 57f344aaa112295c4ce25219fa523e31
humanhash: zulu-don-ten-happy
File name:Payment Remittance System.rar
Download: download sample
Signature NanoCore
Create hunting rule
File size:679'497 bytes
First seen:2020-08-18 11:56:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Z5UDwq324Z2uuevd1mUuwIkkuz6HFK1ellS/dQZHIPwk6jYGWgU:zEkuVLruqkuzSFK8slENkEDWJ
TLSH 8AE423B8710F8A0F978144ADB5D3E754DB63EED3C2F0D67B0A894005B1AF6D1149FAA8
Reporter abuse_ch
Tags:NanoCore rar RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: box-smtp2.robocision.info
Sending IP: 178.175.148.197
From: EMPIRE INVESTMENTZ <postmaster@empireinvestmentz.com>
Subject: Re: Payment Remittance System
Attachment: Payment Remittance System.rar (contains "systempact.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/af0924561044314e9cd2c7d1fb13179325b918b4719cd0d786fc567ea5688b4d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:58:07 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v4esivqqiqyu5hgsy7i7weyxsms3sgfuogonbv4g7rlh5jlirngq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NanoCore
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/af0924561044314e9cd2c7d1fb13179325b918b4719cd0d786fc567ea5688b4d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar af0924561044314e9cd2c7d1fb13179325b918b4719cd0d786fc567ea5688b4d

(this sample)

NanoCore

Executable exe 3640e0bfb26ad5e7cf64e2b1b927031f49b84c1dab0e4460b18de6e57904ff7e

  
Dropping
MD5 fe88f25cef3eacd8445afbd97514dcbf
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3640e0bfb26ad5e7cf64e2b1b927031f49b84c1dab0e4460b18de6e57904ff7e

Comments