MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76bf8d15ad312bf2b5d2dc2605df0d9c9a336f5889753dca72b6c3ed1aec4bec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: 76bf8d15ad312bf2b5d2dc2605df0d9c9a336f5889753dca72b6c3ed1aec4bec
SHA3-384 hash: c09bdb6b2de835946777958e55ea9e157a2f175a540506265863471cb18357a48017604751a1cdbde9e8f95e2f989e3d
SHA1 hash: 471cce17056b4a4af81675f4d52062da6d415afc
MD5 hash: 6294ff90bf43e5af10fefd6387fd0879
humanhash: berlin-summer-muppet-robin
File name: 190408_CoC_list.zip
Signature: NanoCore
File size: 630'834 bytes
First seen: 2021-02-03 16:07:27 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:efvP/hABXemKyokEAMzovuH8qSIEFXuk9rnUq7PlG:enPJAFemr8zovuH8CSZ7PlG
TLSH: C1D423EB4C0843CE91DD2581291C742182BCFAEC29DA10496FB29A9B5FFDD3F09BD156
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: vps.helitactica.xyz
Sending IP: 203.159.80.22
From: Ewa Laszcz <ewailp@icloud.com>
Reply-To: Ewa Laszcz <sdmarine861000@gmail.com>
Subject: Purchase Order
Attachment: 190408_CoC_list.zip (contains "190408_CoC_list.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 195
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-03 16:08:09 UTC
AV detection: 17 of 45 (37.78%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 76bf8d15ad312bf2b5d2dc2605df0d9c9a336f5889753dca72b6c3ed1aec4bec

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
