MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7170afaea1dbb708d92f335dbcbf2677704d6abb91cb6d3f08cca0ed470d3dac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7170afaea1dbb708d92f335dbcbf2677704d6abb91cb6d3f08cca0ed470d3dac
SHA3-384 hash: 7a3c76d126dd4ab365810f08ea5ed998a4e7e088068c29fb570ef28f110d60c5488e8144dda4b4ac539ec60bc8e623b9
SHA1 hash: 2a4415c9a3b62f199d9d8b43757d6be4416f2c2c
MD5 hash: f0ce802aaa6e7327d4104151aeb0cf9b
humanhash: sierra-skylark-two-gee
File name: TSTheme.exe_
Signature: NanoCore
File size: 1'611'776 bytes
First seen: 2020-06-18 13:51:42 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 24576:Ltb20pkaCqT5TBWgNQ7alR39WOOYzAV2BqB3cuWvURv1Pb/93NOWj1cU6A:IVg5tQ7al3WV8AIBk3fWvUJFDx5
TLSH: 8475E02373DD8365C3B25273BA66B701AE7F782506B5F56B2F94093DF820122521EA73
Reporter: @c_APT_ure
Tags: NanoCore

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: CH
Mail intelligence
No data
Vendor Threat Intelligence
Detection: NanoCore
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-05-07 18:19:38 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family: nanocore
Score: 10/10
Tags: evasion trojan keylogger stealer spyware family:nanocore
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Drops startup file
NanoCore
Malware Config
Extraction: 193.26.21.58:47507

Yara Signatures


Rule name: ach_NanoCore
Author: abuse.ch
Rule name: Nanocore
Author: JPCERT/CC Incident Response Group
Description: detect Nanocore in memory
Reference: internal research
Rule name: Nanocore_RAT_Feb18_1
Author: Florian Roth
Description: Detects Nanocore RAT
Reference: Internal Research - T2T
Rule name: Nanocore_RAT_Gen_2
Author: Florian Roth
Description: Detects the Nanocore RAT
Reference: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Rule name: win_nanocore_w0
Author: Kevin Breen <kevin@techanarchy.net>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments