MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1896f1f9485e36a56428bb6880bc9a240962044caeaef0bdf59ed181200fb4af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 1896f1f9485e36a56428bb6880bc9a240962044caeaef0bdf59ed181200fb4af
SHA3-384 hash: 99318edbf407f55fd8cee266aeab63ed1ed07f874de72585d6689d2e73c4f52df7481d3480b48295eadfd7836738e576
SHA1 hash: da133161723bc0dafcf9852cdf8bea2f532107c4
MD5 hash: c2a61ba0acbb3581bf227114f929a46f
humanhash: alaska-butter-jupiter-avocado
File name: OVERDUE ACCOUNT.7z
File size: 548'514 bytes
First seen: 2020-11-28 11:31:18 UTC
Last seen: 2020-12-01 15:14:41 UTC
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 12288:6DqBBKrcGIBdXovPRYbABebJ5QxmL5CUaKSqBv1vtL+v3FM0o:6QBEzIgXR4ABYKmL4FqR6S0o
TLSH: 9CC4233472B66855DC670D7A89E180C11354E3BBB36923ED18060F9A06F35978FBCE6B
Reporter: cocaman
Tags: 7z


cocaman
Malicious email (T1566.001)
From: ""Lu shunjie"(DHL)<no-reply@dhl.com>" (likely spoofed)
Received: "from dhl.com (unknown [103.99.1.146]) "
Date: "28 Nov 2020 09:24:02 -0800"
Subject: "RE: (MOST URGENT) OVERDUE ACCOUNT "
Attachment: "OVERDUE ACCOUNT.7z"

Intelligence


File Origin
# of uploads: 5
# of downloads: 180
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Backdoor.NanoBot
Status: Malicious
First seen: 2020-11-28 11:32:05 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z 1896f1f9485e36a56428bb6880bc9a240962044caeaef0bdf59ed181200fb4af (this sample)

  
Delivery method: Distributed via e-mail attachment

Comments