MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6377be7bc3f351b774ceed33ee772d35d33ffe7bb09430d9fad15762a6d48741. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6377be7bc3f351b774ceed33ee772d35d33ffe7bb09430d9fad15762a6d48741
SHA3-384 hash: d3c5572453cd9f4676a7fe387b630ae381b91045604f3c3f2a938e3d5e55372d3f7afbcf1e69d92a402bc2758dd4ffd0
SHA1 hash: f428ee89d054f04587fa222e15f8e0fe6ab57efa
MD5 hash: 01d80c0f9f20a2bd06398871ebb1c6bf
humanhash: april-uncle-one-oxygen
File name:OC 26988.gz
Download: download sample
Signature NanoCore
Create hunting rule
File size:584'746 bytes
First seen:2020-10-22 06:24:26 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:1+4w4DE5rk2e9+TdecFPVpDOwgSIeARhdbWW+zJyh:1og2e9O3RaGjGzyWgyh
TLSH C6C423930C4530695B1B9E295A37FBD38CE9C586C3D9E03033891C5C39A99D1B7EADC9
Reporter abuse_ch
Tags:gz NanoCore RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

From: "Inostroza, Javier" <javier.inostroza@sbdinc.com>
Reply-To: victoriabodyna@gmail.com
Subject: Purchase Order SBDK Arg.
Attachment: OC 26988.gz (contains "OC 26988.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6377be7bc3f351b774ceed33ee772d35d33ffe7bb09430d9fad15762a6d48741/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-21 17:26:36 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mn33466d6ni3o5go5uz645zngxjt77t3wckdbwp22flwfjwuq5aq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

gz 6377be7bc3f351b774ceed33ee772d35d33ffe7bb09430d9fad15762a6d48741

(this sample)

NanoCore

Executable exe 2531dce3c805e06386d1ef9055da3648637b2316f38b1c8c3f6aa21f1ed332c8

  
Dropping
MD5 cbbc61aa308519fa53af2bc17f495633
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2531dce3c805e06386d1ef9055da3648637b2316f38b1c8c3f6aa21f1ed332c8

Comments