MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e9c1b4bbf9a4eb2506734111a054e2b6bb4904b26be6b1ee0bf5a1f6b66101f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 8e9c1b4bbf9a4eb2506734111a054e2b6bb4904b26be6b1ee0bf5a1f6b66101f
SHA3-384 hash: 65a02dffb6a34b36b3fca3cde841b0b09f4ed343827aa6cf4f8a2dea4b36f40adef7eadab6b0957ecdb63045827916ad
SHA1 hash: 77d3b4f126ea6fd4775deea1b1d422757edad94f
MD5 hash: e169d8e837ca302ec0da3d8d7f32b13f
humanhash: nine-item-utah-blue
File name: Items_02559-02663.uue
Signature: NanoCore
File size: 708'663 bytes
First seen: 2021-02-24 11:59:08 UTC
Last seen: Never
File type: uue
MIME type: application/x-rar
ssdeep: 12288:7g8jtIX7GEdyhdatI83MeWwOmEeAwVGvbJACeu+Krzz/mkhd509D:s8jtU7Dyftqu/wu0ufzzxd5O
TLSH: F6E423828AB6E78610DBDA8956E93D1269F8AF11F719B1E3D017DECC140DC869BFB104
Reporter: abuse_ch
Tags: NanoCore RAT uue


abuse_ch
Malspam distributing NanoCore:

HELO: cpanel.noorhosting.com
Sending IP: 41.187.100.24
From: Xie Yuqing MAY <general@bgshipping.com>
Subject: Enquiry 003987 February 24th, 2021
Attachment: Items_02559-02663.uue (contains "Items_02559-02663.pdf.exe")

NanoCore RAT C2:
wilsonzz.webredirect.org

Intelligence


File Origin
# of uploads: 1
# of downloads: 143
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-24 11:59:10 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

uue 8e9c1b4bbf9a4eb2506734111a054e2b6bb4904b26be6b1ee0bf5a1f6b66101f (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
