MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc81143f6e0e4ead0a9c2922505798b21a81ffef96ad0d0bae5909d82550df6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: bc81143f6e0e4ead0a9c2922505798b21a81ffef96ad0d0bae5909d82550df6b
SHA3-384 hash: 561d2010d11dcac7413abf70cd6ce9083981f103aa2cfd1d1dd1eb511946631c0e46b79dbb29de7d784c41e00c07c26c
SHA1 hash: 8fa36894d0225ff558ec80c7701005f46eb52e6f
MD5 hash: 9a2e3d2411e4749e116810fa7826a7bc
humanhash: muppet-pizza-queen-uniform
File name: 9a2e3d2411e4749e116810fa7826a7bc.exe
Signature: NanoCore
File size: 422'912 bytes
First seen: 2020-06-30 12:11:11 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:KVpgtiX/9OeyX7mvwh6xULqc0BACl3Cy:KVpgtiXbyXivwh
TLSH: FC949D9C365075EFC827C973DAA82C64AA61B47B530BD343A05322AD9A0D79BCF115F3
Reporter: @abuse_ch
Tags: exe NanoCore RAT


Twitter
@abuse_ch
NanoCore RAT C2:
bolingost.ddns.net:4419 (37.49.230.76)

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 21
Origin country: FR

CAPE Sandbox
Detection: Nanocore
Link: https://www.capesandbox.com/analysis/17113/

ClamAV
Win.Packed.Nanocore-8176540-0

CERT.PL MWDB
Detection: nanocore
Link: https://mwdb.cert.pl/sample/bc81143f6e0e4ead0a9c2922505798b21a81ffef96ad0d0bae5909d82550df6b/

ReversingLabs
Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-05-26 12:42:46 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 2/5

Spamhaus Hash Blocklist
Malicious file

Hatching Triage
Score: 10/10
Malware Family: nanocore
Link: https://tria.ge/reports/200630-6q1xqrvjze/
Tags: evasion trojan keylogger stealer spyware family:nanocore
Config extraction: bolingost.ddns.net:4419
194.5.97.23:4419

VirusTotal
VirusTotal results: 75.71%

Yara Signatures


Rule name: ach_NanoCore
Author: abuse.ch

Rule name: Nanocore
Author: JPCERT/CC Incident Response Group
Description: detect Nanocore in memory
Reference: internal research

Rule name: Nanocore_RAT_Feb18_1
Author: Florian Roth
Description: Detects Nanocore RAT
Reference: Internal Research - T2T

Rule name: Nanocore_RAT_Gen_2
Author: Florian Roth
Description: Detetcs the Nanocore RAT
Reference: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/

Rule name: win_nanocore_w0
Author: Kevin Breen <kevin@techanarchy.net>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NanoCore

Executable exe bc81143f6e0e4ead0a9c2922505798b21a81ffef96ad0d0bae5909d82550df6b

(this sample)

  
Delivery method
Distributed via web download
