MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11a0784a130e412147b5122aa0a76795f26fc1f0747bf18aac643a81d710f2fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 11a0784a130e412147b5122aa0a76795f26fc1f0747bf18aac643a81d710f2fe
SHA3-384 hash: a3b2f7e947a4f864fff7c7d42895120fe05af1505c0af2295f066927c28b425a61f7b503899c992ba786560a16315c1a
SHA1 hash: 3657eadc7aa780b36b948e00b9e1fcd24df7a37a
MD5 hash: 6d7f995f29d2e6fbe30612c99e1f4738
humanhash: zebra-enemy-table-red
File name:PO 202100322.xz
Download: download sample
Signature NanoCore
Create hunting rule
File size:592'353 bytes
First seen:2021-02-04 17:25:52 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 12288:y2tGhs3f8BK/BQOGOxUpWZ/Ev/z7yv93VjnYTjc+RUQ73nUGqOAN:ihiOGB2ZWFw4bW3nUGqzN
TLSH F7C423DF74DDA0C6E3C64489B8A49B2922519EC3370365276910EC9326CEBC43DF9E36
Reporter abuse_ch
Tags:GoDaddy NanoCore RAT xz


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: sg2plwbeout19-3.prod.sin2.secureserver.net
Sending IP: 182.50.144.39
From: <purchase@cmcpl.co.in>
Subject: NEW PO 202100322
Attachment: PO 202100322.xz (contains "PO 202100322.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
214
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/11a0784a130e412147b5122aa0a76795f26fc1f0747bf18aac643a81d710f2fe/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-04 17:26:14 UTC
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cgqhqsqtbzascr5vcivkbj3hsxzg7qpqor57dcvmmq5idvyq6l7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/11a0784a130e412147b5122aa0a76795f26fc1f0747bf18aac643a81d710f2fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

xz 11a0784a130e412147b5122aa0a76795f26fc1f0747bf18aac643a81d710f2fe

(this sample)

NanoCore

Executable exe ff17e064eccb46f105427ed4c042ebec8ee341e41c1431944a9cda732988644e

  
Dropping
MD5 94ee9d3c8abc2724129c8f382e02aae7
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ff17e064eccb46f105427ed4c042ebec8ee341e41c1431944a9cda732988644e

Comments