MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccb120f7f64f3f353b197c9e5fa829a6f69133164df8f0de1f25eae0faea5615. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ccb120f7f64f3f353b197c9e5fa829a6f69133164df8f0de1f25eae0faea5615
SHA3-384 hash: d6ab2942b9a77263384a7f0161dc105a6f090fdbaa562765d513826feedce63c1e571f81a35cd7b6914644b9c1ca4b4b
SHA1 hash: d1e5865291eb454cbcda43a3a4ea749d2ec67ee0
MD5 hash: 1b429716bd21321e7d7ec076b3822fac
humanhash: bluebird-red-tango-india
File name:1b429716bd21321e7d7ec076b3822fac.exe
Download: download sample
Signature NanoCore
Create hunting rule
File size:1'550'336 bytes
First seen:2021-04-25 15:02:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:rPT/xAiDrg665j57rENUaYoj9ygZWtuYwHtLdPstOP4FO:X/mib6d3a/RtVd2usO
Threatray 11 similar samples on MalwareBazaar
TLSH 3175AF6AA342D0C4F65E1471CDA0FBF0051BBD6BCE0A6D1B114A3EC274BB69B5A3B147
Reporter abuse_ch
Tags:exe NanoCore RAT

Intelligence

File Origin
# of uploads :
1
# of downloads :
216
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1b429716bd21321e7d7ec076b3822fac.exe
Verdict:
No threats detected
Analysis date:
2021-04-25 15:04:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/14c66663-418d-420f-87cd-7443416509d9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/144094/
Detection(s):
SecuriteInfo.com.Artemis1B429716BD21.115.16234.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/697054
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 397448 Sample: WaTDBvsUGA.exe Startdate: 25/04/2021 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 WaTDBvsUGA.exe 2 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ccb120f7f64f3f353b197c9e5fa829a6f69133164df8f0de1f25eae0faea5615/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-25 15:03:09 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zsysb57wj47tkoyzpspf7kbju33jcmywjx4pbxq7exvob6xkkykq._file
Verdict:
unknown
Similar samples:
1a2a8493be747f95ae9b75bde24fc098fa7c83ec0c16be5c65eeedca264a361a
NanoCore
28923e4a9c0a58473ee83f8ce9f09194bdbcf67d6e7ebae1151bf16bb4955f19
NanoCore
3cdf63d5741d54b8749990c5285ed1c521d9e2bfffe61dbf596fb0a5534a0703
NanoCore
62432e5c18aca2d5cfb32de2cba3d79b0de60b72d8930b31e450a8d975a0095b
NanoCore
a54e20931a26b860ec76f21d8b24ebc8a20afccc5be8abd5b9de43f120518e75
NanoCore
d17375a4f18beb4ea9d4025561d47ea3cb1fdd1f83d636f6b4d5fffd1c4a0980
NanoCore
def2ee23d3a774c09575c9918cf9f5783339850ff9a150bc2cedf81028107fa6
NanoCore
dfff6768cd44b788ebf3e6a31d5b142d6f5ff7ea2fe7f3cd31640ace304dda6e
NanoCore
e69749b22ac748db61a34128d613965a56d372d06228b8cbd0ad435c3e046f39
NanoCore
ecc540938addc1a440ef6ceb7714a0b45153c04c28df4395e3de18181439341a
NanoCore
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210425-6fjpgw47gx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
ccb120f7f64f3f353b197c9e5fa829a6f69133164df8f0de1f25eae0faea5615
MD5 hash:
1b429716bd21321e7d7ec076b3822fac
SHA1 hash:
d1e5865291eb454cbcda43a3a4ea749d2ec67ee0
Link:
https://www.unpac.me/results/34d90da6-e595-4e6a-8bc1-0c8c3ab93001/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NanoCore

Executable exe ccb120f7f64f3f353b197c9e5fa829a6f69133164df8f0de1f25eae0faea5615

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1157792/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/144094/

Comments