MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa806c219e616ac2af83687b7487257495783db4f061d99d8504da4689fb3078. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa806c219e616ac2af83687b7487257495783db4f061d99d8504da4689fb3078
SHA3-384 hash: 61904290f6f1f7c6aced7f012cbbade0a103ee901b78ac9a25d0066ed257f3c76b74660596e025414e662335d59bb032
SHA1 hash: f414c81eb025b10025401a862d1bbf998f7ab965
MD5 hash: 1baf7a4657f4c08c48ee4c7ea3e8b197
humanhash: hydrogen-nitrogen-pluto-coffee
File name:BANKING DETAILS.lzh
Download: download sample
Signature NanoCore
Create hunting rule
File size:722'944 bytes
First seen:2020-10-14 06:54:03 UTC
Last seen:2020-10-14 07:00:46 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:0Ty3gs9nbYY3byYCycAoRyyRNvGaYQtmA1qCsqYAxv8n7fwFLgkxdHafDTklMdB5:ngq7rdcAoEyRNvltmAOqYk82LgkXakl0
TLSH 10F433DC7077A52704B7D15CABC087EBD5D4AA48B6A13AA5D3FBFE81C6CC620C81E191
Reporter GovCERT_CH
Tags:NanoCore

Intelligence

File Origin
# of uploads :
4
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa806c219e616ac2af83687b7487257495783db4f061d99d8504da4689fb3078/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 06:55:07 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7kagyim6mfvmfl4dnb5xjbzfoskxqpnu6bq5thmfatnencp3gb4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/fa806c219e616ac2af83687b7487257495783db4f061d99d8504da4689fb3078

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar fa806c219e616ac2af83687b7487257495783db4f061d99d8504da4689fb3078

(this sample)

NanoCore

Executable exe 1167a7d5a6192107c841eee3d1292914e2ddbe6b661f2c2c41f1c1977ac97372

  
Dropped by
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1167a7d5a6192107c841eee3d1292914e2ddbe6b661f2c2c41f1c1977ac97372
  
Dropping
MD5 1262b749a06063e271dc653a25f2eeea

Comments