MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01c171323f45d60a798407f60ff636e4afcac5a1be74e6cec0d659279f89fd07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01c171323f45d60a798407f60ff636e4afcac5a1be74e6cec0d659279f89fd07
SHA3-384 hash: 6f76c0c21d52d20798f328da67fca226fe0a1e2516be503cab4cea44de1b349823280372bb7ddd773802061eb631a624
SHA1 hash: accc22619f95ee5dc1c8ddae8fe6634249690195
MD5 hash: 38af9e47c87d7a42498c56089da1ef8a
humanhash: charlie-coffee-twenty-mars
File name:STATEMENT OF ACCOUNT.uue
Download: download sample
Signature NanoCore
Create hunting rule
File size:714'732 bytes
First seen:2020-10-12 06:17:54 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 12288:30ggebZ5nvU+orIEBTXyt/DkTv9S1kh0z57GmNgGoepcV/UG85knBB4n:3zg03v9orIEhCt/DD1E03DTc5585kb4n
TLSH B1E4230DE9B2BA1BF53B2004F25CE34C597A28514D6C4F169AAA239F74E51F0D8FD827
Reporter abuse_ch
Tags:NanoCore RAT uue


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: [131.153.18.91]
Sending IP: 131.153.18.91
From: accounts_removals1@gifco.com
Subject: STATEMENT OF ACCOUNT
Attachment: STATEMENT OF ACCOUNT.uue (contains "STATEMENT OF ACCOUNT.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01c171323f45d60a798407f60ff636e4afcac5a1be74e6cec0d659279f89fd07/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 03:30:17 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ahaxcmr7ixlau6mea73a75rw4sx4vrnbxz2ontwa2zmsph4j7udq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/01c171323f45d60a798407f60ff636e4afcac5a1be74e6cec0d659279f89fd07

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

uue 01c171323f45d60a798407f60ff636e4afcac5a1be74e6cec0d659279f89fd07

(this sample)

NanoCore

Executable exe ea49f722d6874e9b0b754f8116edceee6cdf4b85aa893d1b86053bfc506e5602

  
Dropping
MD5 b9440f3ad2aa7d4634ef51c73126c426
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ea49f722d6874e9b0b754f8116edceee6cdf4b85aa893d1b86053bfc506e5602

Comments