MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e450f5b1dcc1499278d77c4adffa991cb9795b8f9b2cf5ce9a684ee90052918. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	5e450f5b1dcc1499278d77c4adffa991cb9795b8f9b2cf5ce9a684ee90052918
SHA3-384 hash:	8eab1e43ffd0264279c1f49eaa47057d2cb2348e5ce91f394f6ecb29ac7310fa6814ccace9e16516bdcec64e89a62e29
SHA1 hash:	9973540fcb06fbbffbce99c8384b06153f3fbc5a
MD5 hash:	9ff318bb3a72d5c737f407049fc39856
humanhash:	beer-kitten-oven-maine
File name:	741d1a81b06ee1288765f1d912804447.exe
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	207'360 bytes
First seen:	2020-04-03 16:25:08 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'649 x Formbook, 12'246 x SnakeKeylogger)
ssdeep	3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIYEskdn+BJCnryIwzt4LLOcsB:gLV6Bta6dtJmakIM56skxrgztsLP2
Threatray	1'201 similar samples on MalwareBazaar
TLSH	DE14CF5637A8493FE2DE8678602242539779C2E3E8D3F3EE18D855B35B127E50A0B1D3
Reporter	abuse_ch
Tags:	exe GuLoader NanoCore

abuse_ch

Payload dropped by GuLoader from the following URL:
http://parasvijay.com/wp-includes/css/dist/list-reusable-blocks/dir/apriomo_encrypted_5C506A0.bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Nanocore-5

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Nanocore

Status:

Malicious

First seen:

2020-04-03 16:35:33 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

30 of 30 (100.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=lzcq6wy5zqkjsj4no7ck375jshfzpfny7gzm6xhju2co5eaffema._file

Verdict:

malicious

Label(s):

nanocorerat

dridex

NanoCore

266c0f3b1cf78040080fce2037544112b77d23b25753c714d6390c2f705a3c34

NanoCore

5d37ea9d96ae208d4df3961643780b97016cf055128483ae287ad86616cbea45

NanoCore

756fde810887452ab2533283973f2e582df198988bcafde9f20dc85e35f4d5c4

NanoCore

83b70b20d0cdb13e9c420723ba5f025827d21e0c051c6e64b5553a5c372c3374

NanoCore

9c62e75f2dc168671bddfe8cad2b102197c10d9039d8917a7637585ff603dbdd

NanoCore

9fc240db7a0cd883c35e2cbfc6e8dcb2bb3921514dbce65aef46711de4a06a6a

NanoCore

ddf157853be3dbebba9eea0db9815017a0c7d8dded210a5c291d7b0ccd2fd2be

NanoCore

e29e9d9beb5ce8187decf038cdc0b1d3102b4cfe43715a3b4f934098a943ebed

NanoCore

ed6ea055c622adab41b5eba73b4d556c4c843b9e77e21933297ca0ce972ce5c4

NanoCore

+ 1'191 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

af07b640d4531c76154fb44e1b7238cff4aba20012a7d0e89af88c496f1542fa

NanoCore

exe 5e450f5b1dcc1499278d77c4adffa991cb9795b8f9b2cf5ce9a684ee90052918

(this sample)

Dropped by

MD5 741d1a81b06ee1288765f1d912804447

Dropped by

MD5 0454fb749b697267a917537a058b51f8

Dropped by

GuLoader

Dropped by

SHA256 af07b640d4531c76154fb44e1b7238cff4aba20012a7d0e89af88c496f1542fa

Dropped by

SHA256 580f0c80ca236aa6942364983d20d78ae0e35d21825fafb698e99f7a7dcd92ea

URLhaus

https://urlhaus.abuse.ch/url/334536/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample