MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b2152a1f87bb584b3354dbdc6718af3e2a10e81d2524cb41725698f49f1fb1f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: 7b2152a1f87bb584b3354dbdc6718af3e2a10e81d2524cb41725698f49f1fb1f
SHA3-384 hash: fab3f957a46e7029f7cd3c09316d0e67213026a41e714d289e6a4703fb2e37a2a5aa84c04623532fe100a0b2f0efe457
SHA1 hash: 1bb9243bc14691c92ae459cc46414796f20d165b
MD5 hash: da5e3e6a797d3d9dd2c1f5ba0c816bae
humanhash: bulldog-red-purple-mexico
File name: CBM Dringender Auftrag ff7736635423,pdf.zip
Signature: NanoCore
File size: 809'112 bytes
First seen: 2021-02-05 18:50:30 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:naNWj1jzY8GOXXE7G51Y7zeazWn0aJyJmgbxe:nTz8OnXHYmazW0aJ2e
TLSH: 3905339684C44F067BC384924BF1D4FC86328B5C5E361262BD885AD919BE48E7BEF7D0
Reporter: abuse_ch
Tags: DEU geo NanoCore nVpn RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: mail.ciemonteria.co
Sending IP: 104.131.84.225
From: Vasco Terrasi <info1@cbm-srl.com>
Subject: CBM Dringender Auftrag ff7736635423
Attachment: CBM Dringender Auftrag ff7736635423,pdf.zip (contains "CBM Dringender Auftrag ff7736635423,pdf.exe")

NanoCore RAT C2:
jahismyhelper.hopto.org:4122

Intelligence


File Origin
# of uploads: 1
# of downloads: 205
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-05 13:18:32 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 7b2152a1f87bb584b3354dbdc6718af3e2a10e81d2524cb41725698f49f1fb1f (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments