MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6a3efa2857d3465d4d71495b3682919d58770ca85c2f1edd1cef6013d4d71de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6a3efa2857d3465d4d71495b3682919d58770ca85c2f1edd1cef6013d4d71de
SHA3-384 hash: 7c10b0919ab94d6bd32787e0e463b16e6713edcecb191ac2517182c0e3426d5165b4af313a1f09352d51e4ac32a751d3
SHA1 hash: f398d7da775d45f0aee55789940f7fe9f71dd709
MD5 hash: ff16390d11b876dc13867fc20f041034
humanhash: washington-jersey-princess-earth
File name:Parts Order08132020,pdf.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:895'182 bytes
First seen:2020-08-13 14:26:28 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:rXEkrBMdCHaOYEgl+fIsnrXvU1IfWCPLcPPB9:p2POYEgl3snrXvlf/LEH
TLSH B81533CE9231B5548373AA796B3DDE06F050CAB4ADF194833D24B95E42E7F92A0F1079
Reporter abuse_ch
Tags:NanoCore RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: oliphaunt.gmikenma.com
Sending IP: 199.58.179.120
From: Rhys Davies <info@grupoprornedca.com>
Subject: Quote
Attachment: Parts Order08132020,pdf.zip (contains "Parts Order08132020,pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.26176.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6a3efa2857d3465d4d71495b3682919d58770ca85c2f1edd1cef6013d4d71de/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 14:28:07 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w2r67iufpu2glvgxcsk3g2bjdhkyo4gkqxbpd3orz33acpknohpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b6a3efa2857d3465d4d71495b3682919d58770ca85c2f1edd1cef6013d4d71de

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip b6a3efa2857d3465d4d71495b3682919d58770ca85c2f1edd1cef6013d4d71de

(this sample)

NanoCore

Executable exe 0c75ced9ff9cb13255c6bf59e1e817b861f1c25e47d1aab2c891617615cde1e6

  
Dropping
MD5 bf8e813c7b057e26f21e79bd35afa5b1
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0c75ced9ff9cb13255c6bf59e1e817b861f1c25e47d1aab2c891617615cde1e6

Comments