MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa649c83ac0eda6cf32e4baaa8e8cf16cb9c0bd313f83bb87b876a065b8d396b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa649c83ac0eda6cf32e4baaa8e8cf16cb9c0bd313f83bb87b876a065b8d396b
SHA3-384 hash: f1d930d8477982c539f7eca61ce99c330fb206b73967e574b6ecb8f722c80a57db90394e7ed91800db22a5b031000eb5
SHA1 hash: b760dfa213aaa43613798d3740e964ced4980521
MD5 hash: c002fb890ed879bfc9919b22f50bf764
humanhash: sierra-orange-uniform-berlin
File name:ORDER407-395.ace
Download: download sample
Signature NanoCore
Create hunting rule
File size:508'724 bytes
First seen:2021-07-23 09:07:00 UTC
Last seen:Never
File type: ace
MIME type:application/octet-stream
ssdeep 12288:VCFzyy1PMtM+WjS6cimnarlvFmp2F4UgcZM4HeGG/fs/XPb9LquTiY:4v1PMS+yS092I5gcZ9ss/fx3J
TLSH T169B423718D091466CFC9C497C23D61B6B5BFA7D3E4E2C887C9F8B34C82B6829596538C
Reporter cocaman
Tags:ace NanoCore


Avatar
cocaman
Malicious email (T1566.001)
From: ""Svetlana Hristenko"<fayeconquest@gmail.com>" (likely spoofed)
Received: "from gmail.com (unknown [195.58.39.197]) "
Date: "23 Jul 2021 09:05:15 +0000"
Subject: "Re: ORDER."
Attachment: "ORDER407-395.ace"

Intelligence

File Origin
# of uploads :
1
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25738.AceHeur.Exe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25166.AceHeur.Exe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-ACE-exe.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aa649c83ac0eda6cf32e4baaa8e8cf16cb9c0bd313f83bb87b876a065b8d396b/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-07-23 08:21:00 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
14 of 46 (30.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vjsjza5mb3ngz4zojovkr2gpc3fzyc6tcp4dxod3q5vamw4nhfvq._file
Result
Malware family:
nanocore
Create hunting rule
Score:
  10/10
Tags:
family:nanocore evasion keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210723-h9fgkc4w16/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks whether UAC is enabled
NanoCore
Malware Config
C2 Extraction:
ifybest85fff.ddns.net:7600
194.5.98.23:7600
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/aa649c83ac0eda6cf32e4baaa8e8cf16cb9c0bd313f83bb87b876a065b8d396b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

ace aa649c83ac0eda6cf32e4baaa8e8cf16cb9c0bd313f83bb87b876a065b8d396b

(this sample)

NanoCore

Executable exe 8de030ae0ce859c64d84c14d30e0f89346851e5d84c540d81aa17a7b534f3bfb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8de030ae0ce859c64d84c14d30e0f89346851e5d84c540d81aa17a7b534f3bfb

Comments