MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a32ff47d45c2f6a812384de0709f97241afa8ad5ae1dcf75e24eedb0fc58e8bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: a32ff47d45c2f6a812384de0709f97241afa8ad5ae1dcf75e24eedb0fc58e8bf
SHA3-384 hash: 1b079172a1606630a1747ede656a7b328567e4c57fb40213ce6711795c12933674b80a5e34e01fd7589980c8ce645ec4
SHA1 hash: 24ab3c6ba004ba5e317806bee14ca9bb9044bea5
MD5 hash: 4aa34b2585e087cdcb6d660b93f8ef63
humanhash: tennis-tennessee-queen-alanine
File name: cotización.PDF___________________________________________.r20
Signature: NanoCore
File size: 409'346 bytes
First seen: 2021-02-26 18:04:43 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:S3xXwp4duE2XRdZsF/3cfYzd1ANxCtQAGLq6P:ShXSP/XLa/MgBeWgqa
TLSH: A39423FF91D68A9656E03B7F51C7DF7C3922C208F44264768C92B589232FAA4A4DF41C
Reporter: abuse_ch
Tags: geo MEX NanoCore r20 RAT


abuse_ch
Malspam distributing NanoCore:

HELO: mail.inasa.com.mx
Sending IP: 201.159.97.242
From: Fernandez <tarr_fernandez@inasa.com.mx>
Subject: SpamRE: cotización MEXICO
Attachment: cotización.PDF___________________________________________.r20 (contains "cotización.PDF___________________________________________.exe")

NanoCore RAT C2:
trijgrscviomnbvdewacvioplmjytrewwqazxcvty.ydns.eu.ydns.eu

Intelligence


File Origin
# of uploads: 1
# of downloads: 244
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-26 17:38:14 UTC
AV detection: 12 of 47 (25.53%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip a32ff47d45c2f6a812384de0709f97241afa8ad5ae1dcf75e24eedb0fc58e8bf (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
