MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ad62446b19cac6eb72ae2131b1745ba3a9b03297adf938fcd0e6721e5b88a6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ad62446b19cac6eb72ae2131b1745ba3a9b03297adf938fcd0e6721e5b88a6e
SHA3-384 hash: 39d6fd9790c94dd663d6c117a67f4ca2991b2dab9aea5d7a90d7ae34c568edfd37634f107644c7010506054386d3ce30
SHA1 hash: cf0371187e91488c8af0e434a395c9eb8bbc36d9
MD5 hash: 622b4922e16220acdbf9cabd4d6c7726
humanhash: idaho-november-delta-eighteen
File name:6e757a5e16c1975ac0e056929f446189.exe
Download: download sample
Signature NanoCore
Create hunting rule
File size:207'872 bytes
First seen:2020-03-31 05:10:10 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'206 x SnakeKeylogger)
ssdeep 3072:MzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HII0PAGTwjgaxODOeSQcY/UShKS:MLV6Bta6dtJmakIM52r8PxtPY/1KS
TLSH 2114CF563BE98A3ED2DF86B8611202139378C2E7D9D3F3DA18D851B78B627E506070D7
Reporter abuse_ch
Tags:exe GuLoader NanoCore


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://onedrive.live.com/download?cid=8191351450372B91&resid=8191351450372B91%21275&authkey=ADdKBbUtd3lurdQ

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Nanocore-5
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Nanocore
Create hunting rule
Status:
Malicious
First seen:
2020-03-31 05:35:42 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
31 of 31 (100.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hllcirvrtswg5nzk4ijrwf2fxi5jwazjplpzhd6nbztsdznyrjxa._file
Verdict:
malicious
Label(s):
nanocorerat
Create hunting rule
dridex
Create hunting rule
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

85ad2f4e630cc8794924c4af6aa95c81d41ec456297df9547ea89b50b0c6075d

NanoCore

Executable exe 3ad62446b19cac6eb72ae2131b1745ba3a9b03297adf938fcd0e6721e5b88a6e

(this sample)

  
Dropped by
MD5 6e757a5e16c1975ac0e056929f446189
  
Dropped by
MD5 5392dba4bc0d77ae53744fc2fa22d425
  
Dropped by
GuLoader
  
Dropped by
SHA256 85ad2f4e630cc8794924c4af6aa95c81d41ec456297df9547ea89b50b0c6075d
  
Dropped by
SHA256 8a0b4b5a1c8393c91b084347a9e55682200a4ee314f796592d61a24ecabe8ea2
  
URLhaus
https://urlhaus.abuse.ch/url/332566/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments