MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12217f0f03057b1d756406cf1527b6a3b38139cc9e7629517151aea85024c6cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 12217f0f03057b1d756406cf1527b6a3b38139cc9e7629517151aea85024c6cb
SHA3-384 hash: 541c9f4279e32611c4c945cb87903acef28b172d459e7e48aeda9e840eb7fdbaeb9f9558401a8b2225d5940a07467a02
SHA1 hash: 36d2fb115eff315a44eae6b71785a7834472e709
MD5 hash: 299184751169588bb43ab317ac52d444
humanhash: cat-zulu-grey-hotel
File name: Q5851042-5811914915-001 PO340437.IMG
Signature: NanoCore
File size: 1'245'184 bytes
First seen: 2020-07-02 12:18:31 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:Yqztei3VRMoZFBqSxb4Nb2h4U8mmf+7DD8h6U6lbqJFhNs22uZinUilv8:xztVRTxmbql7DD8wUF/zvz8Ui
TLSH: 0745BE106FEB4EE5E87A0970A8B2B524F1A73CDEA535C22F255CB6190B73B0447617E3
Reporter: abuse_ch
Tags: img NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: westsalem.com
Sending IP: 45.76.206.194
From: Planning/Purchasing <wesleyp@westsalem.com>
Subject: RE: Q#5851042-5811/#914915-001/ PO#340437
Attachment: Q5851042-5811914915-001 PO340437.IMG (contains "Q#5851042-5811#914915-001 PO#340437.exe")

NanoCore RAT C2:
classof.theworkpc.com:3762 (45.143.222.14)

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-02 12:20:06 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

img 12217f0f03057b1d756406cf1527b6a3b38139cc9e7629517151aea85024c6cb (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
