MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c321c5bdc82d554ea695bb5927a9c23ffa7dd9301fabc68981ad4e0ac956a51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 3c321c5bdc82d554ea695bb5927a9c23ffa7dd9301fabc68981ad4e0ac956a51
SHA3-384 hash: 8500375b551bd0f77cf5010952a8bd9533d5fddc203be9a4d92a70fc5649060c165dd15ff1465d38299145181778856c
SHA1 hash: 9ee2b02b3bc95d1ecaf9699198474e63c7b6d367
MD5 hash: 557d7d397e7566fde718dd615add8e67
humanhash: music-edward-echo-purple
File name: INV3677290.xlsx
Signature: NanoCore
File size: 612'352 bytes
First seen: 2020-06-30 07:14:24 UTC
Last seen: Never
File type: Excel file xlsx
MIME type: application/encrypted
ssdeep: 12288:QWslYNYsOHfN3gvF7AtwR26l3lhZsUEet/p5X4ZW+dWpR:FZK13gt7AtwR26BjC/et/pWrdWp
TLSH: 0AD4238274D1DF2BE8A61CB84B69147C1D2DFC929B8AC0C5530D7728153CABCB79BB64
Reporter: @cocaman
Tags: NanoCore, xlsx

Malicious email
From: "sales"<>
Received: from ( [])
Date: Tue, 30 Jun 2020 05:20:24 +0200
Subject: Pending Order #23741202-00
Attachment: INV3677290.xlsx


Mail intelligence
Trap location (impact):
  DE Germany: Low
  Global: High
  CH Switzerland: Low
  IT Italy: Low
# of uploads: 1
# of downloads: 32
Origin country: FR
ClamAV: PUA.Doc.Packed.EncryptedDoc-6563700-0
CERT.PL MWDB: Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: Document-Word.Exploit.CVE-2017-11882
  First seen: 2020-06-30 04:03:41 UTC
  AV detection: 26 of 48 (54.17%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage:
  Score: 10/10
  Malware Family: nanocore
  Tags: persistence evasion trojan keylogger stealer spyware family:nanocore
VirusTotal: Virustotal results 36.67%

Yara Signatures

Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Excel file xlsx 3c321c5bdc82d554ea695bb5927a9c23ffa7dd9301fabc68981ad4e0ac956a51 (this sample)

Delivery method: Distributed via e-mail attachment