MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38063246fb1b21967dc05b8ce6bbce3fe0cb089d8735494ff2414213e6c8e1af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38063246fb1b21967dc05b8ce6bbce3fe0cb089d8735494ff2414213e6c8e1af
SHA3-384 hash: cdce7df1c14c31f3ec18a0ff6ea76551c3077bf9d1c8b9c2e2645c29e098e537400ed374c35fc3f72ece757bde16c0cb
SHA1 hash: 7b7df31b963fd1975d88b1e07394562632c38beb
MD5 hash: b0ee4b5e23cde22beef77350afb4d563
humanhash: butter-single-artist-mango
File name:CN-Invoice-XXXXX9808-19011143287989.iso
Download: download sample
Signature NanoCore
Create hunting rule
File size:272'384 bytes
First seen:2021-02-22 07:30:49 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 1536:xVz5TWmVK3zUNBhgT2tPo55rKrFUcDOC53bzf01I:xVRV+bIFNMI
TLSH 74447303A92D99B2EF38A33E40050CC991F51C9C56D9B21A57BCBD3DDA7D4221D1FA2E
Reporter abuse_ch
Tags:FedEx iso NanoCore


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 64.188.20.113.static.quadranet.com
Sending IP: 64.188.20.113
From: FedEx Express - Do Not Reply <Carrie.Park@expeditors.com>
Reply-To: nopeply-fedeoxngr@iname.com
Subject: [CN]: FedEx Invoice 账单 (CustomerAccount -XXXXX9808-19011143287989)
Attachment: CN-Invoice-XXXXX9808-19011143287989.iso (contains "CN-Invoice-XXXXX9808-19011143287989.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Noon-9829285-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38063246fb1b21967dc05b8ce6bbce3fe0cb089d8735494ff2414213e6c8e1af/
Threat name:
ByteCode-MSIL.Downloader.BaseLoader
Create hunting rule
Status:
Malicious
First seen:
2021-02-22 07:31:25 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hadderx3dmqzm7oalogono6oh7qmwce5q42ust7sifbbhzwi4gxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/38063246fb1b21967dc05b8ce6bbce3fe0cb089d8735494ff2414213e6c8e1af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 38063246fb1b21967dc05b8ce6bbce3fe0cb089d8735494ff2414213e6c8e1af

(this sample)

NanoCore

Executable exe 7d862f96808968bbe9ca5bf571335f86cd100faa6d131a1e148ef8c54f5a4eed

  
Dropping
MD5 379482795da0042d0070e6ae599a369b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7d862f96808968bbe9ca5bf571335f86cd100faa6d131a1e148ef8c54f5a4eed

Comments