MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e74513a185d50e71f0b6f469fa05fab1396bec1fb2ada4df38fe16d2db98606. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: 2e74513a185d50e71f0b6f469fa05fab1396bec1fb2ada4df38fe16d2db98606
SHA3-384 hash: f899d1dd0f8fa13ee2f9067eb5ec059da6dbf61cff5ff06b93da64de917427fa24a7acfa893e2555a753121e735b8c4a
SHA1 hash: bb3ad3d8915bd7c04cb70086f0e732b067118b07
MD5 hash: b227ece941c8cd03d27f714aa49ca1db
humanhash: seventeen-winner-romeo-two
File name: New Order Speci 77028_20210305.iso
Signature: NanoCore
File size: 1'310'720 bytes
First seen: 2021-03-05 13:02:05 UTC
Last seen: 2021-03-05 13:02:45 UTC
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:Ioe8teodM4fNDVbUs2yxR9E4guII04FcltwQUku+cxviXWLr56L9XTLFbk:pE4guvqltBUXfcg5Y9XPC
TLSH: BA5519EDD04E50EDD4B37EF13BA15C1C93566E116A1AA01A24443D837FFF9A2BB83816
Reporter: abuse_ch
Tags: iso NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: slot0.julislinq.com
Sending IP: 194.31.96.36
From: Sales01 - PURCHASE <sales@julislinq.com>
Subject: RFQ/2021/03/05/Quotation/NEW ORDER/77028_2021030 APRIL DELIVERY 07
Attachment: New Order Speci 77028_20210305.iso (contains "1RevKocjWoyhJ3y.exe")

NanoCore RAT C2:
cloudhost.myfirewall.org

Intelligence


File Origin
# of uploads: 2
# of downloads: 190
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-05 13:03:08 UTC
AV detection: 12 of 43 (27.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 2e74513a185d50e71f0b6f469fa05fab1396bec1fb2ada4df38fe16d2db98606

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
