MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bcd2565cb74d176e2f437c5a399dffe74fa9018bc980a628d7703435a237750. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: 4bcd2565cb74d176e2f437c5a399dffe74fa9018bc980a628d7703435a237750
SHA3-384 hash: 9bef810b8682bf909c1b0d22fbadc00bff4215283ad69287f27d0f6fbeded4c300a9cce73471d09f73175da79acf55f1
SHA1 hash: be8ce91c036feddd8fd91fc832d276070f765ae6
MD5 hash: 496221d240919ea89e417268114319d6
humanhash: thirteen-zulu-florida-two
File name: Packing list Invoice-2020.3. incorrect,xlsx.zip
Signature: NanoCore
File size: 5'167'842 bytes
First seen: 2021-03-03 07:30:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 98304://m9QabAvBX7HPv6La95XFnZU66XzoNMpi/JUafP7RWYhfETx3GwyLm0gJLkCdv2:G9QWAvVDPCOHXFnZU66GMpfafjwm8TxG
TLSH: 6436330E2DA7178B452F53968C2C83B4BC521219B3D3BDB5B89732A77DFC4E81BA8115
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: ip153.ip-51-195-240.eu
Sending IP: 51.195.240.153
From: Sara<s.zennaro@omn.it>
Reply-To: bur.staten@bk.ru
Subject: Re: re: Correction
Attachment: Packing list Invoice-2020.3. incorrect,xlsx.zip (contains "Packing list& Invoice-2020.3. incorrect,xlsx.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 99
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.NanoBot
Status: Malicious
First seen: 2021-03-03 07:31:20 UTC
AV detection: 7 of 46 (15.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 4bcd2565cb74d176e2f437c5a399dffe74fa9018bc980a628d7703435a237750 (this sample)

Delivery method: Distributed via e-mail attachment
