MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 660ed1212946515555c75ec217ce99c1a53568837f1c1bbff9a0f49c9afd1fb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 660ed1212946515555c75ec217ce99c1a53568837f1c1bbff9a0f49c9afd1fb5
SHA3-384 hash: d029f851057987a34eb6912c3c3c92b7b4e1566b76ae8d07407b795d2058c85b425c304510bacd262759cd223f00b1fd
SHA1 hash: ee1f2d17e53181e349ea91abe1baba1e53f5e7b9
MD5 hash: 605a2a5c72f781d5594fde7f1495706c
humanhash: whiskey-mobile-romeo-yankee
File name: DHL ShipmentDHL Shipment 237590.pdf.zip
Signature: NanoCore
File size: 407'106 bytes
First seen: 2020-11-15 06:45:25 UTC
Last seen: 2020-11-15 12:10:49 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:s9q5+UzS4GiMXgyuzU4U5OUYSWmixzTtY:B+baieq+SXeW
TLSH: 1E8423C902C8250C38372DA9904E5483ABF7A85A1DE97F47BD04E7B7A9C3E9431764A6
Reporter: cocaman
Tags: NanoCore zip


cocaman
Malicious email (T1566.001)
From: ""DHL Express" <sales@gommcp.com>" (likely spoofed)
Received: "from [37.46.150.144] (unknown [37.46.150.144]) "
Date: "14 Nov 2020 20:32:02 -0800"
Subject: "=?UTF-8?B?57Sn5oClIC0gREhMIFNoaXBtZW50IERvY3VtZW50?="
Attachment: "DHL ShipmentDHL Shipment 237590.pdf.zip"

Intelligence


File Origin
# of uploads: 2
# of downloads: 206
Origin country: n/a

Vendor Threat Intelligence
Result: Gathering data
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-11-15 06:46:05 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam; NanoCore; zip 660ed1212946515555c75ec217ce99c1a53568837f1c1bbff9a0f49c9afd1fb5 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: NanoCore

Comments