MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dac104f470246ea94d2deed4cf419b40989876651f168ce9b0448d83450df14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 3dac104f470246ea94d2deed4cf419b40989876651f168ce9b0448d83450df14
SHA3-384 hash: 70f80b1bb9836ca713cf16c53b1c202e427c2b025665c7f9d0343c09d2915c0692854d0f2916d872c3f23383a34c31dd
SHA1 hash: f6ec63171568ba5ffb1ecd17498a94781186959c
MD5 hash: e7cb38fb001e29631bdba7ac40f6194c
humanhash: coffee-hydrogen-island-nuts
File name: Revised PI.rar
Signature: NanoCore
File size: 562'697 bytes
First seen: 2020-10-06 06:29:53 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:kyyjXLL9Wfum2gfpBk6h9kl9pNMP7tWcjj6VSZQMh:kzXLLEfrHyl9bqUGWVvMh
TLSH: CAC4238A3D197BCC33C47EF2267D8712A142EA0CDB59AE65D37829264FDD97884D042E
Reporter: abuse_ch
Tags: NanoCore rar RAT


abuse_ch
Malspam distributing NanoCore:

HELO: sdxsda.xyz
Sending IP: 192.236.211.127
From: Marina Karpova<mcc_kz_df@metro.com.kz>
Subject: Revised PI
Attachment: Revised PI.rar (contains "N9dbGzB9HSZWe4S.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 136
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-06 04:19:46 UTC
AV detection: 3 of 48 (6.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 3dac104f470246ea94d2deed4cf419b40989876651f168ce9b0448d83450df14

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
