MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a032cd20c067b83f1cab391af7671f7ae669de96dbf995f08580b14d218aeccc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: a032cd20c067b83f1cab391af7671f7ae669de96dbf995f08580b14d218aeccc
SHA3-384 hash: f087a8296e71d60832eb870d79ba143308ee52e609cf534eaeae5e21196a3f1d0d7970ab7bc022048cf780e0323b84ff
SHA1 hash: 51e5a3b78fb76f33eaec0a08bfe2de7af4cf2304
MD5 hash: 82f27199a771cb6dc585e64d4639056e
humanhash: hotel-idaho-magnesium-king
File name: SecuriteInfo.com.Trojan.GenericKDZ.66565.2297.21588
Signature: NanoCore
File size: 280'064 bytes
First seen: 2020-04-17 00:52:36 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'611 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 3072:P8Damq9wyMpeQ7M+6s/ZlVFLY2d7F/6aLR1DfFa1IczsScsdbcj/Udkbs/PUYEdh:PBmqCoAvO2d7FZfY+BsdA08CvEdVtrP
Threatray: 1'170 similar samples on MalwareBazaar
TLSH: 9C54E19A93DC99FAC6961637C08B211EA730A43067C3E74F61CC4179DA87FE6BB12744
Reporter: SecuriteInfoCom
Tags: NanoCore

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-17 00:57:00 UTC
File Type: PE (.Net Exe)
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NanoCore

Executable exe a032cd20c067b83f1cab391af7671f7ae669de96dbf995f08580b14d218aeccc

(this sample)

  
Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
