MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44874833c14929cb7ea7e1ff3707163e22e0358bcbb7c113c41cb8b865879b39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44874833c14929cb7ea7e1ff3707163e22e0358bcbb7c113c41cb8b865879b39
SHA3-384 hash: b906bbe82bf5fab47bdade0517b41902496f0acd3f260f27bce1e98ff69c4787579e975662f7d231a234248de77990ed
SHA1 hash: 203fbbb0d88106c8aaab8751577af85848b45eca
MD5 hash: 410ca61970334e4f8003f0f34a886dad
humanhash: spring-three-spring-neptune
File name:Quotation9837JPC_RFQ_oct_Japan_Vietnam_Company.arj
Download: download sample
Signature NanoCore
Create hunting rule
File size:619'495 bytes
First seen:2020-10-06 06:12:34 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:Hix9QrSnt/8LLfwd9QeHfRnTteZv+flPLYS7qbgwEcqLrQhrKka:E9PtI7TqfRIZv+flDVqbarka
TLSH 95D4236982F35121C0900E4A4F55BC32D9C2B97F907F2BE449AA77A9EDE3066C5381CF
Reporter abuse_ch
Tags:arj NanoCore RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: dfdkells.xyz
Sending IP: 192.255.234.41
From: Do Van Dinh (Sales director) <info@dfdkells.xyz>
Subject: Quotation#9837JPC
Attachment: Quotation9837JPC_RFQ_oct_Japan_Vietnam_Company.arj (contains "Quotation#9837JPC_RFQ_SEPT_Japan_Vietnam_Company.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
120
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/44874833c14929cb7ea7e1ff3707163e22e0358bcbb7c113c41cb8b865879b39/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-06 03:57:54 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=isduqm6bjeu4w7vh4h7tobywhyroanmlzo34ce6eds4lqzmhtm4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/44874833c14929cb7ea7e1ff3707163e22e0358bcbb7c113c41cb8b865879b39

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj 44874833c14929cb7ea7e1ff3707163e22e0358bcbb7c113c41cb8b865879b39

(this sample)

NanoCore

Executable exe 9279c6ca7db65d126d35f77f8dc93b46c0e6e68a5ba6da1789ae30c1959bb898

  
Dropping
MD5 4dc2332e1cc1d59ebd87d635d8dc198c
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9279c6ca7db65d126d35f77f8dc93b46c0e6e68a5ba6da1789ae30c1959bb898

Comments