MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ef3e1f3e96c6e61a980295d87cf23ae938841a298a153d2dacad0be85b125a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	2ef3e1f3e96c6e61a980295d87cf23ae938841a298a153d2dacad0be85b125a1
SHA3-384 hash:	e4a3ebf7ae705d4838295d1428aa68b46320e942082d355fe4f69eb45abf2767ffb8cf40ff66e8f25feb77e52e7c6562
SHA1 hash:	981136e37874542e46dd7ee6946f813d0e581c1d
MD5 hash:	fa2a6479dbbf784510c36c07378d6fa2
humanhash:	finch-neptune-equal-solar
File name:	DHL AWB TRACKING DETAILS.PDF.z
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	357'376 bytes
First seen:	2020-10-19 06:29:44 UTC
Last seen:	Never
File type:	z
MIME type:	application/x-rar
ssdeep	6144:+c3NyCPN/90bGnOVSlLS/4Lhl2B4dbh6jggxsRyxlplsJLkBktzqc2l:N3NyKEy6AWOMB4RkjggxvLpl8Ztubl
TLSH	E27423A6836E6E2E4F53002BA2D5D271E1F83E05749DF3DDCA5E3051B4B826153E2CE6
Reporter	abuse_ch
Tags:	DHL NanoCore z

abuse_ch

Malspam distributing unidentified malware:

HELO: server.goofty.ml
Sending IP: 89.223.121.130
From: DHL OFFICE <dhl@goofty.ml>
Subject: DHL NOTIFICATION:- YOUR PACKAGE HAS ARRIVED ON 18/10/2020
Attachment: DHL AWB TRACKING DETAILS.PDF.z (contains "DHL AWB TRACKING DETAILS.exe")