MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a51744ded704edee55f263c4f1bcb17947df3a53510268a5ca3c3dda077713a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a51744ded704edee55f263c4f1bcb17947df3a53510268a5ca3c3dda077713a
SHA3-384 hash: dc659d2701b0c3580141a01eda786ed4affdb6c3e99f1ca7ffdfdc4f400b88c97201d78826824ae07554fd7a5bcd1874
SHA1 hash: cc7d768539802eaca766bb9de4fbd2a246a7e010
MD5 hash: fa1094012602e06b190f7365c9733054
humanhash: kansas-cola-early-louisiana
File name:URGENT RFQ.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:440'597 bytes
First seen:2020-10-20 08:28:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:gEDamVXT0pyNlvuWJuKWqfGAbtvVQtgYf6RrPf8uwIfTyXKvpcA37iE:7DamVDYul2WJuKrbzBYIHFtfTJpHB
TLSH 439423657A42ECD074FB7BE8E19D14033424B6C9C34C706C9B74ADA9EB107D95279C2A
Reporter abuse_ch
Tags:NanoCore RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: server.weserver.eu
Sending IP: 144.76.136.139
From: info@embryogenesis.gr
Subject: URGENT #RFQ
Attachment: URGENT RFQ.zip (contains "URGENT #RFQ.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a51744ded704edee55f263c4f1bcb17947df3a53510268a5ca3c3dda077713a/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 04:41:11 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bjixitpnobhn5zk7ey6e6g6lc6kh345fguicncs4upb53idxoe5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Nanocore
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0a51744ded704edee55f263c4f1bcb17947df3a53510268a5ca3c3dda077713a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 0a51744ded704edee55f263c4f1bcb17947df3a53510268a5ca3c3dda077713a

(this sample)

NanoCore

Executable exe 74e146d632dc58d77431cad79741fa43deabd0b79a2fcd30ac319227de69f5e9

  
Dropping
MD5 011640090cb9d6f230eaf5fce393a439
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 74e146d632dc58d77431cad79741fa43deabd0b79a2fcd30ac319227de69f5e9

Comments