MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0cbd144abefbde7656a8ab6733b337165ea5929fd1829f179e8a852275d059f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	f0cbd144abefbde7656a8ab6733b337165ea5929fd1829f179e8a852275d059f
SHA3-384 hash:	748d0d45996fef3eed24e18cb3c16342465881a059cbcb81742b4e813413f1dd23bec00fa801fc756ec21e73ef585519
SHA1 hash:	a8ffd9a90e39d8ddef12000566f8548985620322
MD5 hash:	9099eac7b972d5336ea8e583d83ea2c8
humanhash:	pizza-echo-seven-minnesota
File name:	ProtectedFile.exe
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	247'808 bytes
First seen:	2020-04-05 13:28:34 UTC
Last seen:	2020-04-05 13:36:35 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep	3072:COReZ7pB4npjOfeCM7yJfQfPhIZaTLWDgLcDlBQxEEwUt:CYnzTyJf80aTbLJEA
Threatray	1'112 similar samples on MalwareBazaar
TLSH	F534539313CC6F5FCAFE5BB461B10B01A3DC525BC69EE52B2F4A118C0DABEC6A61C145
Reporter	JoulK
Tags:	NanoCore

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Packed.Bladabindi-6848156-0

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Tasker

Status:

Malicious

First seen:

2020-04-04 22:11:52 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 31 (83.87%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=6df5crfl5666ozlkrk3hgoztofs6uwjj7umct4lz5cufej25awpq._file

Verdict:

malicious

Label(s):

nanocorerat

NanoCore

4559945017fcab5a492d4e7e5ea25d80ef8c27af4bcb72cb98b1e5e76077d21a

NanoCore

4dc229e375efa1e86ede0cf29688dff17e3ad50eee49e6b81991c7591542454e

NanoCore

5b982bb28bff9233140d835bd34cb4a0ef043e2304a8ce2a934e546c1db1c475

NanoCore

81dd6bf8f73b2cd5f20ddce56486310323723a6c07723b2a30803697fd17dded

NanoCore

8490e3d97ac25a9e1e87a0270a30076cc38b75ca705e28d5c78b93968b0231fb

NanoCore

8ee9784e9c874e7b40e667115655e0965420c5233238ca1499cdd7c25c79dc6c

NanoCore

a032cd20c067b83f1cab391af7671f7ae669de96dbf995f08580b14d218aeccc

NanoCore

b06c86dae636716a828d1dcc1e56ff8d6152fedba019b8da0ba0faa45aaebbd6

NanoCore

d451e3e7766abda3a6406d3e52ed8d123daa52409bb7905a44694855fa923888

NanoCore

+ 1'102 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NanoCore

exe f0cbd144abefbde7656a8ab6733b337165ea5929fd1829f179e8a852275d059f

(this sample)

any.run

https://app.any.run/tasks/f25a4004-5b89-405f-b3ae-4df8c5e80765

URLhaus

https://urlhaus.abuse.ch/url/335012/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample