MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c863a9cea6f4fcc78a6c005c027a0a1a028a2c8e97c24bc3c86ba70665c7defb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: c863a9cea6f4fcc78a6c005c027a0a1a028a2c8e97c24bc3c86ba70665c7defb
SHA3-384 hash: 02a6256963696121187bc96c7c35cd8653cc5c329cea2290787d32978ae8342ea652cda4699f0ee5d4056d972fa654ca
SHA1 hash: b9cd77a2c1cfd4317bfffc8bb8d0186fffdfdbd6
MD5 hash: 78fd7f45135166e02878bf5c07a174b6
humanhash: orange-spring-winter-maryland
File name: P.O List.arj
Signature: NanoCore
File size: 480'287 bytes
First seen: 2020-10-15 11:38:45 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:3+I2uilymFF+dqbWRd8dW0QyPsx9JKxAm6Z7c:3B2ueJFF+dGid6W0QNx6Cm6y
TLSH: C5A4234C8ADC58CB9A38DB0D2F1B429E7F76711EE3BD25875887E4E2A59F910F647002
Reporter: abuse_ch
Tags: arj NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: con-lash.com
Sending IP: 185.222.57.71
From: purchasing@con-lash.com
Subject: RE: New P.O List FYI
Attachment: P.O List.arj (contains "P.O List.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-15 05:21:28 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj c863a9cea6f4fcc78a6c005c027a0a1a028a2c8e97c24bc3c86ba70665c7defb (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
