MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7434a901ef82dba7f31d229cf40797bae4b6486378262b55120446cf469bfe2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: c7434a901ef82dba7f31d229cf40797bae4b6486378262b55120446cf469bfe2
SHA3-384 hash: fb03cd9e08b4d0c3dc9abbe1e8582882e2f38599647dc913eafebc38d64c52e91b082f1068c859a848650aa6419792f5
SHA1 hash: 3247cb58728c49edb9c3d07e11ff2e4a768430b1
MD5 hash: 3b745bf26ee078eda40455254b39b214
humanhash: dakota-east-ink-network
File name: 6245a28f7c93c175879998bf0312809d.exe
Signature: NanoCore
File size: 207'872 bytes
First seen: 2020-03-26 15:44:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 3072:szEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HINyE9teJPqnXjTA9LWTbg9vb:sLV6Bta6dtJmakIM5lETe5qnXjct2EJb
Threatray: 1'091 similar samples on MalwareBazaar
TLSH: 4C14CF657BA8892FE2CE867960120153C378C2E3D9C3F3DE58D854B68B663E54B0B1D7
Reporter: abuse_ch
Tags: exe GuLoader NanoCore


abuse_ch
Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Nanocore
Status: Malicious
First seen: 2020-03-26 16:37:04 UTC
File Type: PE (.Net Exe)
Extracted files: 1
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NanoCore

Executable exe c7434a901ef82dba7f31d229cf40797bae4b6486378262b55120446cf469bfe2 (this sample)

Dropped by: MD5 1dc97d0d68c4d29e30c443c7b4b10c1f
Dropped by: GuLoader
Dropped by: SHA256 b1216ba3ddb1b21271536a9740e16c6e7ea42b33f6e29b0e153a63ee6a7150b3

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
