MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c02b4e7ee5f90b7167e3c0407438533b1abb443feae6b640c9dda54beb43f6e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: c02b4e7ee5f90b7167e3c0407438533b1abb443feae6b640c9dda54beb43f6e2
SHA3-384 hash: 08e052dabd152626170c2d73fabc2af08031b14366a099e16f3213120d8c2818262593debcb26f3fe40ddcf5289c1ea6
SHA1 hash: ac952c66df116b8104719262ce64995128acdc40
MD5 hash: 82d8a796fdcf4feb7ab128ca4cb48da0
humanhash: rugby-cardinal-cardinal-fish
File name: 190408_CoC_list.zip
Signature: NanoCore
File size: 620'480 bytes
First seen: 2021-02-03 10:19:10 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:MvXQ/PkHvjUJHcnSy17d/myjG+ut2FXmrlCOeDmgvS61v2:UXQ/inSy1huGG+ut2FXm6C61v2
TLSH: 4ED4234104E3604FAD8BD72FD1B12191B2D1BF36865DFA4A4684B37C41A5009FAAEDFE
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: vps.helitactica.xyz
Sending IP: 203.159.80.22
From: Ewa Laszcz <ewailp@icloud.com>
Reply-To: Ewa Laszcz <sdmarine861000@gmail.com>
Subject: New Order Request for PI..
Attachment: 190408_CoC_list.zip (contains "190408_CoC_list.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 185
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-03 10:20:11 UTC
AV detection: 12 of 45 (26.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip c02b4e7ee5f90b7167e3c0407438533b1abb443feae6b640c9dda54beb43f6e2 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
