MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16
SHA3-384 hash: 2b5829b2d15137e1639891b74a3558760610dda59dab5d7c357c8375d63507b0c95d0c9172da20311373175b37e0c8ba
SHA1 hash: f5843409f2fff10d686aa75df94f78b1121df6ef
MD5 hash: 4ae071a407c0054c1a549457a67151f9
humanhash: item-five-lamp-pizza
File name:T7k3j2h1_Invoice__receipt.vbs
Download: download sample
Signature NanoCore
Create hunting rule
File size:731 bytes
First seen:2021-08-14 06:14:47 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 12:dXVlTX7Fl9kQOGv9IXeNVMf+8irXWMMeRo8N5zliwqhP/jvVlg7:Tl7FeG9geNVxXLMeyMgV67
Threatray 2'593 similar samples on MalwareBazaar
TLSH T17E012801BA11F1E39106F747DDF11279A6E7B6A49891A991206C829F10BB4AE2E83E50
Reporter abuse_ch
Tags:NanoCore RAT vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
298
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/179143/
Detection(s):
SecuriteInfo.com.VB.Trojan.Valyria.5170.21070.11552.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/832769
Signature
Creates an undocumented autostart registry key
Obfuscated command line found
Sigma detected: Suspicious PowerShell Command Line
VBScript performs obfuscated calls to suspicious functions
Wscript starts Powershell (via cmd or directly)
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16/
Threat name:
Script.Trojan.Valyria
Create hunting rule
Status:
Malicious
First seen:
2021-08-14 06:15:07 UTC
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ubyq6zedz26sf5qvynbv5zyks4ousdyvzfjjypzekdr4w46tlila._file
Verdict:
malicious
Label(s):
nanocorerat
Create hunting rule
Similar samples:
116aa7bc57d59020e469c51acb832bfb44fa109a65155e9749506168860f6e06
NanoCore
62820764aa07d5d7aa0cd0f3f6decc6aa576fcd411e7561646151aa77d765174
NanoCore
7f1cd16cd2d2e5644752a3e0fd411c3902bad47051779d5bd539e9650f53787c
NanoCore
89aea7429e8634bbba4d97c8576adb9568cdf91830d15ecd2c34c5a290f7b83f
NanoCore
c3ddf55e53888193522a7b619370b746cb0a79502c5157a98754a9009f644a11
NanoCore
f3ca0f6bff094ea564e6b6e7a9947dc6a7a63b1800ec11b64e4e58447cfa61c3
NanoCore
ffec1862f56857ad722abbcb98be7af86f2cf0763371bcb40273f0d884157c32
NanoCore
+ 2'583 additional samples on MalwareBazaar
Result
Malware family:
nanocore
Create hunting rule
Score:
  10/10
Tags:
family:nanocore keylogger spyware stealer suricata trojan
Link:
https://tria.ge/reports/210814-s6fehqj4s6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Blocklisted process makes network request
NanoCore
suricata: ET MALWARE DTLoader Binary Request M2
suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)
Malware Config
C2 Extraction:
augcavite.duckdns.org:3500
Dropper Extraction:
https://transfer.sh/1awqNEs/bypass.txt
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/a0710f6483ce/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

Visual Basic Script (vbs) vbs a0710f6483cebd22f615c3435ee70a971d490f15c9529c3f2450e3cb73d35a16

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/179143/

Comments