MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05b767928a12a7132cd04cb09e2a33a449beb0a2f57e408aa20985a8282fb83b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05b767928a12a7132cd04cb09e2a33a449beb0a2f57e408aa20985a8282fb83b
SHA3-384 hash: 029ed8e068b0ce6fbad27c57d85e201b4929d40b1ecf8cd8ba318767f4acfa4f8ec43abde5d032be05bb4689e00143fa
SHA1 hash: f7d72f3e6ad5fc8b8806cde3831e2a225402fc1a
MD5 hash: 32941c1ef24ec52738b4d702174bc728
humanhash: johnny-cat-one-alanine
File name:05b767928a12a7132cd04cb09e2a33a449beb0a2f57e408aa20985a8282fb83b
Download: download sample
Signature NanoCore
Create hunting rule
File size:566'272 bytes
First seen:2020-03-27 04:17:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:CLV6BtpmkTb50hlhvR2WSLZciiFInhdmwxrW1NJrfV2rfWR:gApfPA2cnahEIrW13V2g
Threatray 1'086 similar samples on MalwareBazaar
TLSH 25C402226BE94A3FF19F46B9601216124779C3A35DC3F3DE5CE051B29F666E50A0B0E3
Reporter Marco_Ramilli
Tags:exe NanoCore

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Nanocore-5
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Nanocore
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 04:35:30 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
45 of 47 (95.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aw3wpeukcktrglgqjsyj4krture35mfc6v7ebcvcbgc2qkbpxa5q._file
Verdict:
malicious
Label(s):
nanocorerat
Create hunting rule
hawkeyekeylogger
Create hunting rule
Similar samples:
266c0f3b1cf78040080fce2037544112b77d23b25753c714d6390c2f705a3c34
NanoCore
5d37ea9d96ae208d4df3961643780b97016cf055128483ae287ad86616cbea45
NanoCore
756fde810887452ab2533283973f2e582df198988bcafde9f20dc85e35f4d5c4
NanoCore
83b70b20d0cdb13e9c420723ba5f025827d21e0c051c6e64b5553a5c372c3374
NanoCore
9c62e75f2dc168671bddfe8cad2b102197c10d9039d8917a7637585ff603dbdd
NanoCore
9fc240db7a0cd883c35e2cbfc6e8dcb2bb3921514dbce65aef46711de4a06a6a
NanoCore
bdddf5f5fa10f55e58819ff4ae4cf11902c3583503fa8fcf50ce67b1f1f66e4f
NanoCore
ddf157853be3dbebba9eea0db9815017a0c7d8dded210a5c291d7b0ccd2fd2be
NanoCore
e29e9d9beb5ce8187decf038cdc0b1d3102b4cfe43715a3b4f934098a943ebed
NanoCore
ed6ea055c622adab41b5eba73b4d556c4c843b9e77e21933297ca0ce972ce5c4
NanoCore
+ 1'076 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments