MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59ea0bf567783d3322f67f7b638c33f08047e306e5684e734eaf217e405ad3f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 59ea0bf567783d3322f67f7b638c33f08047e306e5684e734eaf217e405ad3f4
SHA3-384 hash: 02042897279f2b59d61857bd4b1c29cde8d0c19273837593a1be881a9242f67ce069b5fae2aecd3dce9f5e98bd0de1ac
SHA1 hash: 50dbb508f1e023994ba72cb2636a2fce52658b63
MD5 hash: 2f8c2281dd77fe1b4360323f17d367ae
humanhash: helium-yankee-montana-march
File name: ORDERS4500121785_PO_PRODUCTS_BESOMI_LLC.arj
Signature: NanoCore
File size: 372'382 bytes
First seen: 2020-10-15 13:01:03 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:gJIG+c1ThQaEJmUniA70KBW+1pXB0AGVJG/DDFqgaKlOl6tYMvGr2ES:5nEUn/70Kbj0nJjgaKluAqlS
TLSH: 338423E70F4E41253AF706334045957B9E14B0FE7CAC03AAA4FA1DEB9787D6949A0828
Reporter: abuse_ch
Tags: arj, NanoCore


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.huincacoop.com.ar
Sending IP: 200.29.255.7
From: Fritz <fritz.e.besomi@gmail.com>
Subject: Order 4500121785
Attachment: ORDERS4500121785_PO_PRODUCTS_BESOMI_LLC.arj (contains "ORDERS#4500121785_PO_PRODUCTS_BESOMI_LLC.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 109
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.CryptInject
Status: Malicious
First seen: 2020-10-15 09:24:52 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj 59ea0bf567783d3322f67f7b638c33f08047e306e5684e734eaf217e405ad3f4 (this sample)

Delivery method: Distributed via e-mail attachment

Comments