MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ca3360c59689e8e00e1397649bc9754e5f3b26c00e77f528878a063ef279d1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ca3360c59689e8e00e1397649bc9754e5f3b26c00e77f528878a063ef279d1b
SHA3-384 hash: 716fcb5d461fcf55d5706f7ec4c860c9a459f40bed0e4d6d076a7a52cacb1dd2bfdb247d50e1be9d05c36db2d2fc717a
SHA1 hash: baf1cecda389484ab325f37514446b607d4a87ec
MD5 hash: 944547ca31d869b6b9f0bd1827a67a79
humanhash: purple-neptune-alanine-louisiana
File name:BL DRAFT.IMG
Download: download sample
Signature NanoCore
Create hunting rule
File size:1'310'720 bytes
First seen:2022-08-31 05:18:33 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:Up0F75eO2JqLV0B2WLBBmyN83IUQunKyahQn12zpCfDgfpq8jJScqVPApr:UqZ5pLVg2IB0E0wzUOprNk6p
TLSH T1E455121EA1299B26F0590B7152F1F325823B7F041133E7CE2DCCF2A86BD5B52861BB52
TrID 99.4% (.NULL) null bytes (2048000/1)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter cocaman
Tags:img NanoCore


Avatar
cocaman
Malicious email (T1566.001)
From: "Rinky Lalwani [rinky@goodrichindia.com]" (likely spoofed)
Received: "from panjikeji.com (unknown [107.182.129.248]) "
Date: "30 Aug 2022 05:24:11 +0200"
Subject: "01ST CHECK COPY/// BL NO.VASHZACMB001467/// EXPORT RELEASE ORDER : VASHZA2200177//VASHZA2200178 || 01X20 GP || FPOD : COLOMBO // 1X20 // COLOMBO // HAZ // CLASS : 6.1 // UN NO : 1601//PG : II / /HAZIRA PICK UP//HAZIRA LOADING//384 PACKING"
Attachment: "BL DRAFT.IMG"

Intelligence

File Origin
# of uploads :
1
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1427.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/630ef05e116a699e028e0615/reports/f5337362-a825-4461-81ca-1e3eca3dbf3c/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0ca3360c59689e8e00e1397649bc9754e5f3b26c00e77f528878a063ef279d1b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-08-30 05:52:33 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
16 of 40 (40.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bsrtmdczncpi4ahbhf3etpexkts7hmtmadtx6uuipcqgh3zhtunq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

img 0ca3360c59689e8e00e1397649bc9754e5f3b26c00e77f528878a063ef279d1b

(this sample)

NanoCore

Executable exe 308363ca0bad56134160cbc34dff0c6e881dfd6daf567555879f9d9edda08b36

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 308363ca0bad56134160cbc34dff0c6e881dfd6daf567555879f9d9edda08b36
  
Dropping
NanoCore
  
Dropping
MD5 1f89f4b57cc6bd5fd23a778f9a219581

Comments