MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6570f58b6f07863bb032d581004cf4feb155520acbeca0a2dad03caed8da83a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6570f58b6f07863bb032d581004cf4feb155520acbeca0a2dad03caed8da83a0
SHA3-384 hash: 00641f6305c20999e22d5e2af96db561434a426fda7bf65b9dcf7db59cef2f78106e4029f0e8c7c83caf9706e995927d
SHA1 hash: 408e82006c949f450cf83a50f35cd3c1ed492229
MD5 hash: a377a7f2de76708bcc70aa8b9b6ebc43
humanhash: sad-mockingbird-network-river
File name:dhl file.exe
Download: download sample
File size:628'736 bytes
First seen:2020-08-18 14:30:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2b290768eafbb705c7e690f1d0eb5f5a (3 x AgentTesla, 1 x MassLogger)
ssdeep 12288:mspb0/ndi6xf0yXplPXT9tgb5hDCRdsBbK/Ax:msp4fpf0CvhtAFb
Threatray 1'273 similar samples on MalwareBazaar
TLSH F1D48D73B2E0443FD173DA7D9D1B6368983ABE112E2B98466BE41C4C8F3A65139352C7
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/47950/
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6570f58b6f07863bb032d581004cf4feb155520acbeca0a2dad03caed8da83a0/
Threat name:
Win32.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 14:30:16 UTC
File Type:
PE (Exe)
Extracted files:
60
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mvyplc3pa6ddxmbs2waqathu72yvkuqkzpwkbiw22a6k5wg2qoqa._file
Verdict:
unknown
Similar samples:
035240368a5b062efdf9d365e73e753df545378a28989c6b325e6d5b4da1e73a
0a5aeb2fd821445c11ffef34fb3ad5b126971bd3f7b49860892072cb75abe79d
210560d23e3c023c90bd24ed0d76c68732dc267277fc6adcc3c991cb611bb06a
26e7e2592001dcae03d24805daf839378a61263b2aab7a6d7db204088833f946
3da7c55aab706ac053ca313cc24d065983e8eaed5172366e93fdf8b2d644f829
3fd662d7caf82ecc8b61b4fa261bc51510851aa36099a85f66c2689c507e11d7
410d119f0a143a7b3bb2f6cbf97f05667edba888e973858e0759c3c35db103be
4dd2b414c77ad5e60685dd8afbb92d5bf6e3ed11edfa368ae0b8b042c7cec53b
52e864374ebb34727b88f278970946520a53383c0b7e85dbbc664b45329616e3
d00396bdc41d762fcc1612605e951071919d7bb0fbce02491c805d2d42d767a4
+ 1'263 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200818-whamwtzyye/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NanoCore
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6570f58b6f07863bb032d581004cf4feb155520acbeca0a2dad03caed8da83a0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/47950/

Comments