MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbcd27c8be35a042e9cbac504dc40f8a6bc87a1f2cf4734d6533d9257c56b82c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: fbcd27c8be35a042e9cbac504dc40f8a6bc87a1f2cf4734d6533d9257c56b82c
SHA3-384 hash: 61a8c94c54defd3673a9c7d70cc6d23241d5a79474cd1ef2297937487415f51283a391f176fe38b0846a9e24a926bdb2
SHA1 hash: a7e88fd6a76cc89625151b3ebc50919106bdd0fa
MD5 hash: c08289c9dfe2f5f279b35c53d06b5500
humanhash: pizza-spring-cardinal-berlin
File name: Bank Update Info.arj
Signature: NanoCore
File size: 824'512 bytes
First seen: 2020-11-07 09:55:41 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 24576:++6SmInTowHS9jLIvVA2VCCR6YdyAK+4t6e:KqdHkyV3VCi6YwAKNx
TLSH: 86052380F94B84C5F85FB8D60B0417572E39B5A4A1A6F403F985B99F418DAC6EAF33C1
Reporter: abuse_ch
Tags: arj AUS geo NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: emirates.net.ae
Sending IP: 185.222.57.154
From: National Bank of Australia<alsumood@emirates.net.ae>
Subject: Update your Banking Informatio
Attachment: Bank Update Info.arj (contains "Bank Update Info.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Stelega
Status: Malicious
First seen: 2020-11-06 17:28:19 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj fbcd27c8be35a042e9cbac504dc40f8a6bc87a1f2cf4734d6533d9257c56b82c (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments