MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 791110d79ffa8044cec3db3797101da67f7e848d7e147c44c779639ca7bb44f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 791110d79ffa8044cec3db3797101da67f7e848d7e147c44c779639ca7bb44f7
SHA3-384 hash: 861b0bc551628f70334753650a90e9b6343c9a3ccc3c05e8cc04814051264357417ff779bc646d349cf521d6ba77d57c
SHA1 hash: 0af8b06c81e2a913c913bda7e4a53a5fa71fe510
MD5 hash: 43c84ffd4d7fa0c0e1394531760e388f
humanhash: autumn-texas-harry-video
File name: 190408_CoC_list.zip
Signature: NanoCore
File size: 392'159 bytes
First seen: 2021-01-29 19:30:59 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:rmYHM5bkbe4GvVrkirU5cAzYB5wbcAYVYMexKjdj8pjUWPlAySxwwPfQXMINn93W:aYHA4y4GhkirJUYB5wbfYVpexiwJrSxH
TLSH: 7D8423AD828D08D2893012799C9817995FF38F60F8A7D8EDE7DED3742A01D2E6705778
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: vps.helitactica.xyz
Sending IP: 203.159.80.22
From: Ewa Laszcz <ewailp@icloud.com>
Reply-To: Ewa Laszcz <sdmarine861000@gmail.com>
Subject: New Order Request for PI..
Attachment: 190408_CoC_list.zip (contains "190408_CoC_list.exe")

NanoCore RAT C2:
fgtrert.duckdns.org:4948 (195.20.109.90)

Intelligence


File Origin
# of uploads: 1
# of downloads: 329
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-29 19:31:06 UTC
AV detection: 17 of 46 (36.96%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 791110d79ffa8044cec3db3797101da67f7e848d7e147c44c779639ca7bb44f7 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
