MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fc5347c2601363c18b08e0298d167303100146bad8d9ffc1e9050f4905b4809. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 0fc5347c2601363c18b08e0298d167303100146bad8d9ffc1e9050f4905b4809
SHA3-384 hash: 9f88af0ff3a91e6e7fae8bc568e7b11bc8ea06001e70aaef86d5f611d3ced85b669f7be70b32823ec92356d453c203a1
SHA1 hash: 2934379eed528acb96793572d2a18648f3e3b878
MD5 hash: c84e4aabf6eceb56b69b55b167bf80b1
humanhash: pip-edward-august-nuts
File name: P-O Doc 6620200947535257653.zip
Signature: NanoCore
File size: 994'070 bytes
First seen: 2020-12-21 07:35:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:HNsLSIyx+67n/qlfFlB2p5Rs8mTZa6j6Ltgu:HuSZx+GnEXB+5C8EZ36LKu
TLSH: F32533F1D0483EDA78A716E7F695311F675B04B3260185B89AD38B9A13C958AF02F73C
Reporter: abuse_ch
Tags: Hostwinds NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: hwsrv-816835.hostwindsdns.com
Sending IP: 104.168.174.166
From: Purchase <support@hikeinvest.com>
Subject: URGENT QUOTATION - arabico company dubai
Attachment: P-O Doc 6620200947535257653.zip (contains "P-O Doc #6620200947535257653.exe")

NanoCore RAT C2:
annapro.linkpc.net:54984 (105.112.116.118)

Intelligence


File Origin
# of uploads: 1
# of downloads: 200
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-21 07:36:05 UTC
AV detection: 12 of 28 (42.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 0fc5347c2601363c18b08e0298d167303100146bad8d9ffc1e9050f4905b4809 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
