MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66f09ab508ddb14fe044bff166ebdcd0252ca8a284b674074feaa1f931d5eca4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66f09ab508ddb14fe044bff166ebdcd0252ca8a284b674074feaa1f931d5eca4
SHA3-384 hash: 4871768aebc150bbcd5c324d5fb8c56713ed764a7aa8cec7211ad8e5d061f33bba08aef0f34ba406de65822f9a353bcc
SHA1 hash: db71638eac4f9f642a9ba52d17c9eb9dad80fee2
MD5 hash: 65e6b7fa80ac7c2974e0654a278048f4
humanhash: montana-johnny-fanta-fruit
File name:Mwasiti Mnindy.7z
Download: download sample
Signature NanoCore
Create hunting rule
File size:475'319 bytes
First seen:2021-05-25 08:23:35 UTC
Last seen:2021-05-25 09:02:32 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:4ZSYBeZIufDXasjSJz2bklwlVKKZhADRI1dVu:e5QZIufOsjyz2b1lTADRIPVu
TLSH 2EA4235920B727338462266EB30EF0C7E10907A3D474F9949CD85AED26EE506D1FEDB4
Reporter cocaman
Tags:7z NanoCore


Avatar
cocaman
Malicious email (T1566.001)
From: "Mwasiti Mnindy" <muingiliano@gmail.com>" (likely spoofed)
Received: "from tsrapparels.com (unknown [194.30.246.194]) "
Date: "24 May 2021 14:19:19 -0700"
Subject: "Re:job as a Human Resources Officer"
Attachment: "Mwasiti Mnindy.7z"

Intelligence

File Origin
# of uploads :
2
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/66f09ab508ddb14fe044bff166ebdcd0252ca8a284b674074feaa1f931d5eca4
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66f09ab508ddb14fe044bff166ebdcd0252ca8a284b674074feaa1f931d5eca4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-24 14:43:47 UTC
File Type:
Binary (Archive)
Extracted files:
66
AV detection:
6 of 46 (13.04%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m3yjvnii3wyu7ycex7ywn2642asszkfcqs3hib2p5kq7smov5ssa._file
Result
Malware family:
nanocore
Create hunting rule
Score:
  10/10
Tags:
family:nanocore evasion keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210525-25z3jld7jx/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Checks whether UAC is enabled
NanoCore
Malware Config
C2 Extraction:
joetrump2022.ddns.net:7600
194.5.98.23:7600
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/66f09ab508ddb14fe044bff166ebdcd0252ca8a284b674074feaa1f931d5eca4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 66f09ab508ddb14fe044bff166ebdcd0252ca8a284b674074feaa1f931d5eca4

(this sample)

NanoCore

Executable exe ee5022f11104027ff47fe97d5785ac9830c5763db5395476d09a1fd58bbd1fbd

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ee5022f11104027ff47fe97d5785ac9830c5763db5395476d09a1fd58bbd1fbd
  
Dropping
NanoCore

Comments