MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e3ac1a8acc5574e998506740966c3f72a7a31f32d982a25aef0fb64b9506de0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e3ac1a8acc5574e998506740966c3f72a7a31f32d982a25aef0fb64b9506de0
SHA3-384 hash: 8320975220bb7beb6bc48bd95fde3188df4a310e4fa13dbdd8ecf451a1deaebb127c4e82e517c853f3641ed17e5b49a6
SHA1 hash: f4afdf56d6e5d813f7e954ecf1306cfd723f2ed9
MD5 hash: 5a2e9bca8bb1d9112570f7456fdc6cd5
humanhash: crazy-double-cola-orange
File name:PRODUCT(S).IMG
Download: download sample
Signature NanoCore
Create hunting rule
File size:2'293'760 bytes
First seen:2022-08-31 08:20:37 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 49152:r88N+IgUaCF/ED8OgYUUfcQ3Kzp8nA6lN8q0CgGEeG:r88N+ImCdED8Sz0Q3KN8pNr0CLX
TLSH T107B502971BD45B31C6BD33B62294BA30B7E1F0C34660DB47695D80E63B7B7826EAD402
TrID 99.4% (.NULL) null bytes (2048000/1)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter cocaman
Tags:img QUOTATION


Avatar
cocaman
Malicious email (T1566.001)
From: "info@metaldekors.lv" (likely spoofed)
Received: "from metaldekors.lv (unknown [107.182.129.248]) "
Date: "30 Aug 2022 13:53:56 +0200"
Subject: "Request For Quotation / Urgent Supply"
Attachment: "PRODUCT(S).IMG"

Intelligence

File Origin
# of uploads :
1
# of downloads :
182
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Nanocore.23.16681.18273.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
80%
Tags:
packed
Link:
https://www.filescan.io/uploads/630f1b81e87b88e71be71c09/reports/9e34b564-b2b6-4a6f-b787-e49bbe5c70ad/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0e3ac1a8acc5574e998506740966c3f72a7a31f32d982a25aef0fb64b9506de0/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2022-08-30 17:59:23 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
8 of 41 (19.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=by5mdkfmyvlu5gmfaz2aszwd64vhumptfwmcujno6d5wjokqnxqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

img 0e3ac1a8acc5574e998506740966c3f72a7a31f32d982a25aef0fb64b9506de0

(this sample)

NanoCore

Executable exe 70662e2083b1d63621104477251aac710dec8dc51dd1df18923f6717490cfa47

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 70662e2083b1d63621104477251aac710dec8dc51dd1df18923f6717490cfa47
  
Dropping
MD5 f64102abd13b4e5ba62608ca742070f4

Comments