MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83dff7d3df1eee96bce905da83ff490c1a6549abf18b1d608ce34b434a0a7b03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 83dff7d3df1eee96bce905da83ff490c1a6549abf18b1d608ce34b434a0a7b03
SHA3-384 hash: ddf47e9a7ee5eea714d3f9d0043a1e85f0831f94e8eb3f2885b8e426e6244b385b49a0aa98b5a039ab299451ed4856a4
SHA1 hash: b475bac109d23b486f8275451b6d10b9cb76e6d0
MD5 hash: 1fdd4b9e0cb90c517fd9bd67d1928403
humanhash: september-princess-nevada-hotel
File name: Remittance Scan DOC-2029293PI207-048.pptx.pdf.gz.gz
Signature: NanoCore
File size: 630'145 bytes
First seen: 2020-10-21 08:04:28 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:5tld84YDCCLwsRORWaXGjgq0O21v5lSRKNDYHKtPBEEVHyCXbevH8xiFk1:XlDYhEsRORdXMB/21v50KjVS2WH8F
TLSH: 36D4337910D86C7F089A890BEDC3873618F55E21D3EBF892242BDF2705DE5819B2769C
Reporter: abuse_ch
Tags: gz NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: asgw02.ilcs.co.id
Sending IP: 103.19.80.81
From: Nemanja Mijatovic <paymenm@indoheavy.com>
Reply-To: paymenm@indoheavy.com
Subject: RE: Transfer Remittance (PI207-048) ..
Attachment: Remittance Scan DOC-2029293PI207-048.pptx.pdf.gz.gz (contains "Remittance Scan DOC-2029293#PI207-048.pptx.pdf.gz.exe")

NanoCore RAT C2:
windo.hopto.org:1990 (185.231.113.190)

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-20 18:33:40 UTC
AV detection: 6 of 47 (12.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: NanoCore
gz 83dff7d3df1eee96bce905da83ff490c1a6549abf18b1d608ce34b434a0a7b03 (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments