MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38fe01f866b2116a3d30206556030ee2526f645d0924981589d1bb1e873adb2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38fe01f866b2116a3d30206556030ee2526f645d0924981589d1bb1e873adb2a
SHA3-384 hash: 92fe689f504a9e7063756290aeae4fb4d854360024fcbb5d43bd2d510d4b0152d60a612f66121c09a445a19b3d9e1931
SHA1 hash: ae27984d7978dd0deff6a20a1f54692dcc3549e5
MD5 hash: cd085f21bb5a77abfd9c7e0c92588116
humanhash: mockingbird-washington-one-pluto
File name:P I.7z
Download: download sample
Signature NanoCore
Create hunting rule
File size:591'288 bytes
First seen:2021-06-21 06:02:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:fjtDjWqcz9I4ZV5j8Yt/ln9uiByabCeds1/dh:7FWqs1V5dtDMgUh
TLSH C9C423BD758C8518486061049DABDDE260E07BDE5393F17C6053BC8F637627ADAF482B
Reporter cocaman
Tags:7z NanoCore zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Sales Executive-MENR.ORG<donlindacrews@gmail.com>" (likely spoofed)
Received: "from gmail.com (unknown [51.254.83.90]) "
Date: "21 Jun 2021 06:52:27 +0200"
Subject: "Re:PI # 097663899"
Attachment: "P I.7z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
335
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37129396.5151.1375.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/38fe01f866b2116a3d30206556030ee2526f645d0924981589d1bb1e873adb2a
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38fe01f866b2116a3d30206556030ee2526f645d0924981589d1bb1e873adb2a/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-06-21 01:26:00 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
9 of 46 (19.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hd7ad6dgwiiwupjqebsvmayo4jjg6zc5besjqfmj2g5r5bz23mva._file
Result
Malware family:
nanocore
Create hunting rule
Score:
  10/10
Tags:
family:nanocore evasion keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210621-rvwdv7lze2/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks whether UAC is enabled
NanoCore
Malware Config
C2 Extraction:
ifybest85fff.ddns.net:7600
194.5.98.23:7600
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/38fe01f866b2116a3d30206556030ee2526f645d0924981589d1bb1e873adb2a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 38fe01f866b2116a3d30206556030ee2526f645d0924981589d1bb1e873adb2a

(this sample)

NanoCore

Executable exe 25d8116f247bbc90103e46cb52fb180a1d58c7755a246be8030e47a86fe788b4

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 25d8116f247bbc90103e46cb52fb180a1d58c7755a246be8030e47a86fe788b4

Comments