MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99547087bc1d72a69d66a7ad70bc9a972882a3c0fcdcc95962b3db4e5f9a2915. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 99547087bc1d72a69d66a7ad70bc9a972882a3c0fcdcc95962b3db4e5f9a2915
SHA3-384 hash: 18f196f34b2f259291bb93cbd5a5077308d7257df3adf4b040d3dbd3c46ad17ee96a900b8e801dd6cb0fdead71536cfd
SHA1 hash: 7bcc1ff80a0d572adc2e18545f350f1aea22be39
MD5 hash: 7cf071f4cfb16fe79bd5edebc5638328
humanhash: freddie-december-lima-rugby
File name: Quotation Request-RFQ2020-11-19.r00
Signature: NanoCore
File size: 345'415 bytes
First seen: 2020-11-19 08:56:28 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:oV9tyz2Hm5Og4zMPK1iqs43Mgc5ZahVcmw9yc8RAwRaOC23VbVvMcdC1OXawEdy:oV/yqHmYg6m4sIgahOmWyJRAMC+nMOIy
TLSH: 9E7423865102768E7106C132CA66227EC57875F5816BCCDD86E2FDF892B24F187B81FE
Reporter: abuse_ch
Tags: NanoCore, r00, RAT


abuse_ch
Malspam distributing NanoCore:

HELO: magnum.com.co
Sending IP: 185.222.57.141
From: Henry Hurtado Avila <hhurtado@magnum.com.co>
Subject: RE: Product list Quotation #RFQ-11-19-2020.iso
Attachment: Quotation Request-RFQ2020-11-19.r00 (contains "Quotation Request-RFQ#2020-11-19.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 192
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-11-18 23:11:23 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

r00: 99547087bc1d72a69d66a7ad70bc9a972882a3c0fcdcc95962b3db4e5f9a2915 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
