MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81dd6bf8f73b2cd5f20ddce56486310323723a6c07723b2a30803697fd17dded. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 81dd6bf8f73b2cd5f20ddce56486310323723a6c07723b2a30803697fd17dded
SHA3-384 hash: f4379433de032b69ed7142d1602835c4c3507574e6dfa5680b4144dc8e3f703171c478b1fd8cc3c0a2de8349ba0f8087
SHA1 hash: 5533ea469d86cd26b8b4a6db247adc2c154a05a4
MD5 hash: cbd708e5723e455c5ed35cdaa6e8cbe3
humanhash: wyoming-black-india-snake
File name:wvcjwdwcwc.exe
Download: download sample
Signature NanoCore
Create hunting rule
File size:247'808 bytes
First seen:2020-04-05 13:30:16 UTC
Last seen:2020-04-05 13:36:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 3072:wOReZ7pB4npZOXUntNRiMd3U+PBvTL1JYgLcDlBQxEE1U2:wYnHrRiIU+PBvTZVLJEn
Threatray 16 similar samples on MalwareBazaar
TLSH E434319213CC6F5FCAFE5BB461B10F00B3EC561BC69EE52A1F4A158C1DABEC6A60C145
Reporter JoulK
Tags:NanoCore

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Bladabindi-6848156-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2020-04-05 13:35:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
17
AV detection:
26 of 31 (83.87%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qhowx6hxhmwnl4qn3tswjbrramrxeotma5zdwkrqqa3jp7ix3xwq._file
Verdict:
unknown
Similar samples:
2b2166f900572c98775661fd3905d86451e7470c2e548fe234f20f2069c93331
NanoCore
3b73775e3999fa2a73354e2f9073ae52c61f2aa4ed348b0889f3c85653cf1145
NanoCore
5036daccd356ba9794957dc02668b903e2779eb2865aa2cf6605c8cb9f639da6
NanoCore
692edb91091b23c85b594f82921ee682aa25f1902d048e54fed4edafe0549e3f
NanoCore
69dc322f7861776b6420ab43482f352f745d7a5b0ed3db55c892f9b7479e912d
NanoCore
73a8ad379a2f6efec0754119102727765066db33a4f8b4a0aed21608bdb0cdfd
NanoCore
aa025c5073c737b73d42bc9295b7622e9c0b2db8a7bb9f480ba45a76a18259f3
NanoCore
b20e67792a0edf233f319f7af96f189451bb8cd4df24c93fcf0e586a473f552d
NanoCore
c410f181985c48a013609ed25c046f7e87782ee807e2b8bd0199788a461eec90
NanoCore
f0cbd144abefbde7656a8ab6733b337165ea5929fd1829f179e8a852275d059f
NanoCore
+ 6 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NanoCore

Executable exe 81dd6bf8f73b2cd5f20ddce56486310323723a6c07723b2a30803697fd17dded

(this sample)

anyrun
any.run
https://app.any.run/tasks/7e65336b-9d72-42d4-8b6f-a911ccb53985
  
URLhaus
https://urlhaus.abuse.ch/url/335580/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments