MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac25715eee64d9064413bcf2a7f6d8ba37ad82ee218311c049fdb80aac121f75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ac25715eee64d9064413bcf2a7f6d8ba37ad82ee218311c049fdb80aac121f75
SHA3-384 hash: d3e845cfe5347ee70c46f4b3c659bcfa1c23f197dbff487eb93f50e9de0d51f352c7b702e3c141a538881aa217466362
SHA1 hash: b1ada775579365fd7e1b915e50e47dfab1e0d42d
MD5 hash: 5f85bb7d5d90ef10187eefa2d4326e6e
humanhash: whiskey-colorado-maryland-spring
File name:quisitions pdf.7z
Download: download sample
Signature NanoCore
Create hunting rule
File size:547'485 bytes
First seen:2021-05-20 05:33:33 UTC
Last seen:2021-05-20 06:09:38 UTC
File type: 7z
MIME type:application/x-rar
ssdeep 12288:XLwDrB2GeAOVtSVjgJWP1rj2brUxjCOf+WPqbQqHjMkANieq:X8D8nAW8WcBj2fCjIWPyQMjJANieq
TLSH 8FC42379C467CA40DFA3F61091373B3AB2604F99A190B6369C646438D577638E3B72BC
Reporter fabjer
Tags:7z NanoCore RAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
141
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27342.RarHeur.v5.HideExt.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ac25715eee64d9064413bcf2a7f6d8ba37ad82ee218311c049fdb80aac121f75/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-05-19 21:37:13 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vqsxcxxomtmqmratxtzkp5wyxi323axoegbrdqcj7w4avlasd52q._file
Result
Malware family:
nanocore
Create hunting rule
Score:
  10/10
Tags:
family:nanocore evasion keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210520-xrjwlhfeta/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks whether UAC is enabled
NanoCore
Malware Config
C2 Extraction:
23.105.131.171:4040
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ac25715eee64d9064413bcf2a7f6d8ba37ad82ee218311c049fdb80aac121f75

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

7z ac25715eee64d9064413bcf2a7f6d8ba37ad82ee218311c049fdb80aac121f75

(this sample)

NanoCore

Executable exe b0a8ad4663cb719ab9b915c0e030b4534ee9aa46126ae932e05d761629883038

  
Dropping
SHA256 b0a8ad4663cb719ab9b915c0e030b4534ee9aa46126ae932e05d761629883038
  
Delivery method
Distributed via e-mail attachment

Comments