YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash fd1b6cdfb2204d1449706ce5542715dba43ff31f1dd381818db5534c628f9dcb.

Scan Results


SHA256 hash: fd1b6cdfb2204d1449706ce5542715dba43ff31f1dd381818db5534c628f9dcb
File size: 3'166'208 bytes
MIME type: application/octet-stream
MD5 hash: 9cb48c73309dcbd3fbe519fa2c9ff495
SHA1 hash: a9e8197b4059a6be3b1c1153b7c5ef366e5a559c
SHA3-384 hash: 6c96f801aa93fdfedfa5ed746e288b7f0e2917ff86b12a68458c8918d6a71add6b1f3935eb2e4cc2dfd0708838adbb2c
First seen: 2022-11-24 19:43:09 UTC
Last seen: Never
Sightings: 1
imphash: n/a
ssdeep : 98304:GwB9YRTyfTX2Q2WTyfTX2Q2Xc8LLc8LLc8Llc8LKc8LqoPIvoPIaAF0AF0AFtA:GxOzXOzKcQcQcAcNcuHyll
TLSH : T1ECE51221A7D8453FE1DF96BE616656128379C2C3A8D3FBDF6890E1A35A263F406031C7
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 39ace2f2-6c30-11ed-a71a-42010aa4000b
File name: 5420000.shc
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: ach_NanoCore
Author: abuse.ch
TLP: TLP:WHITE
Repository: sandnet

Rule name: malware_Nanocore_strings
Author: JPCERT/CC Incident Response Group
Description: detect Nanocore in memory
Reference: internal research
TLP: TLP:WHITE
Repository: JPCERTCC

Rule name: nanocore_rat
Author: jeFF0Falltrades
TLP: TLP:WHITE
Repository: jeFF0Falltrades

Rule name: Nanocore_RAT_Gen_2
Author: Florian Roth
Description: Detetcs the Nanocore RAT
Reference: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
TLP: TLP:WHITE
Repository: Neo23x0

Rule name: Nanocore_RAT_Gen_2_RID2D96
Author: Florian Roth
Description: Detetcs the Nanocore RAT
Reference: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
TLP: TLP:WHITE

Rule name: win_nanocore_w0
Author: Kevin Breen <kevin@techanarchy.net>
TLP: TLP:WHITE
Repository: malpedia

Rule name: Windows_Trojan_Nanocore_d8c4e3c5
Author: Elastic Security
TLP: TLP:WHITE
Repository: elastic

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.