MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 985a5d88d6169b4b764c6d7c638270a5e77da27003e972459e1214a5c06e7682. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 985a5d88d6169b4b764c6d7c638270a5e77da27003e972459e1214a5c06e7682
SHA3-384 hash: 30f648b1bcf633450aa4ea6e3a12e72a2bc8aef423e442c3e024f8c1dd81fcb926baa51c9d984dd67e243f94d17874b2
SHA1 hash: 163f61ed6b8f47cf51988b792c357eb7fc27055c
MD5 hash: bb83160005c0c4477ed0e815a2d3d94b
humanhash: april-carbon-muppet-island
File name:RFQ-BOHB-SS-FD6L4.r11
Download: download sample
Signature NanoCore
Create hunting rule
File size:642'668 bytes
First seen:2020-10-26 14:38:41 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:NEQushlYr4zMq4Mcnf0dl8pStCrNTDU0VK9vamlWM11rPoi/gCrOwp:NrYxqaVrNHU0VKJaO11rPv/gep
TLSH 04D423CDEDE27609CE5A35FD93F0602663B7F394D1A5680E47EA247C51512CE7F68820
Reporter abuse_ch
Tags:r11


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.pantin-hoes.com
Sending IP: 45.95.169.163
From: ADL Industries <info@adl-gmbh.net>
Subject: Re:Request for Quotation, Our Ref. No : Sept 23/20-DE.
Attachment: RFQ-BOHB-SS-FD6L4.r11 (contains "RFQ-BOHB-SS-FD6L4.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/985a5d88d6169b4b764c6d7c638270a5e77da27003e972459e1214a5c06e7682/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 07:53:54 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tbnf3cgwc2nuw5smnv6ghatquxtx3itqapuxerm6cikklqdoo2ba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 985a5d88d6169b4b764c6d7c638270a5e77da27003e972459e1214a5c06e7682

(this sample)

NanoCore

Executable exe 4b0210dd37e5461785bd5d0b1fab796e76ef46c4a2999781710196d391cccb55

  
Dropping
MD5 959385d29e0c57adf02941fd585c16e4
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4b0210dd37e5461785bd5d0b1fab796e76ef46c4a2999781710196d391cccb55

Comments