MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53fbbcf782f9768c02f5637b0a11ba0d63b9b2210f555999272ba6dbe709d30b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 53fbbcf782f9768c02f5637b0a11ba0d63b9b2210f555999272ba6dbe709d30b
SHA3-384 hash: f485048270fd68f39fd0c4911ed9fc9636dd07f30d2339cbf222a55c55da4db5aab6001607172a644f8fc2cbad998968
SHA1 hash: 817a390a395c5d994bd231f796fccf978ee2ea02
MD5 hash: 60f76230f17a25f1135393d6a586859f
humanhash: illinois-fifteen-stairway-five
File name: Acknowledgment NEW ORDER.r00
Signature: NanoCore
File size: 408'794 bytes
First seen: 2020-09-04 08:05:57 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:hj+DSTXUfFacs3xawlU3qMPyuwpqaGTUDulZp:+SDTcs3xawBFqBiuzp
TLSH: F79423ACF56B7255D193486EE64A6CEE33750F8232B96E871C92F4E36B72D4111E20CC
Reporter: cocaman
Tags: NanoCore r00


cocaman
Malicious email
From: Tapia Arriagada, Francisca <francisca.tapiaarriagada@cencosud.cl>
Received: from cencosud.cl (unknown [185.222.58.102])
Date: 4 Sep 2020 09:23:21 +0200
Subject: TOP Urgent new PO Purchase Order fcl
Attachment: Acknowledgment NEW ORDER.r00

Intelligence


File Origin
# of uploads: 1
# of downloads: 181
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-09-04 08:07:08 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

r00 53fbbcf782f9768c02f5637b0a11ba0d63b9b2210f555999272ba6dbe709d30b (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: NanoCore
