MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 062abe7e763d7eb2f9e973a33553a80b32a635ad4a89856442db33a19ee1d9b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 062abe7e763d7eb2f9e973a33553a80b32a635ad4a89856442db33a19ee1d9b6
SHA3-384 hash: abf40752834f6a9d3c62b124c69ab41b09de5aa1ba3e07797d4ee96457f26e49fa2cdb8d5607a93a0e4eee79480a35cb
SHA1 hash: 529cc09bb284cc95f14e520ea5e2bacf4d8199cc
MD5 hash: d17a140701099951664765272f5ed2d7
humanhash: johnny-angel-cup-bulldog
File name: Purchase Order.zip
Signature: NanoCore
File size: 427'725 bytes
First seen: 2020-08-17 05:18:54 UTC
Last seen: 2020-08-17 05:22:46 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:1YDLB5LMSwB/DTNy6HMUfYsipGYcGz1CH81Z4mQrHEnbU2:iDLB1MSU7Tk6pYKYrgi2Enw2
TLSH: AB94231D87B3A467D85E0AB6F8CA93761760B6D4A88834BD3B44BDE5D72C44E4C2C4B8
Reporter: cocaman
Tags: NanoCore, zip


cocaman
Malicious email
From: Gary <sales5@cnsafeline.com>
Received: from cnsafeline.com (unknown [37.48.85.227])
Date: 16 Aug 2020 23:24:31 -0700
Subject: Purchase Order
Attachment: Purchase Order.zip

Intelligence


File Origin
# of uploads: 2
# of downloads: 103
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-08-16 23:06:32 UTC
File Type: Binary (Archive)
Extracted files: 22
AV detection: 22 of 29 (75.86%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 062abe7e763d7eb2f9e973a33553a80b32a635ad4a89856442db33a19ee1d9b6 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: NanoCore
