MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 749ad91f3258c1ad46fa487860ce31df092ab8f8674a7498cff6fbf79348cbb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 749ad91f3258c1ad46fa487860ce31df092ab8f8674a7498cff6fbf79348cbb5
SHA3-384 hash: 6bd919c3726ed27fe1936f113308a60b53423d146b2bbd3894a812a23bb92ca3a300ea4e2bf752bd9481a4344455e773
SHA1 hash: e185f70561034640259d4cc7d5cc59f0c7dcb412
MD5 hash: 65134ab03d5750686981d37f65b831ef
humanhash: cup-social-ohio-mockingbird
File name: PO_6620200947535257659_Arabico.PDF.iso
Signature: NanoCore
File size: 6'010'880 bytes
First seen: 2021-03-22 07:27:25 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 98304:dy3JZBBnaV4FuXArVamyXsqejq5V15Ooa+WIIpoD3nSnLo+io3VAp+HD:dy3nBo9mBqejq5y+WISuiLo+sMj
TLSH: BD56F14DBB987E5BC12A8F718027995482E8C5676373F30F78C1ECCAAA353950D1F692
Reporter: abuse_ch
Tags: iso NanoCore


abuse_ch
Malspam distributing unidentified malware:

HELO: [89.41.26.168]
Sending IP: 89.41.26.168
From: Purchase <purchase@arabico.ae>
Subject: URGENT QUOTATION - arabico company dubai
Attachment: PO_6620200947535257659_Arabico.PDF.iso (contains "PO_6620200947535257659_Arabico.PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 161
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-22 07:28:07 UTC
AV detection: 12 of 47 (25.53%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 749ad91f3258c1ad46fa487860ce31df092ab8f8674a7498cff6fbf79348cbb5 (this sample)

Delivery method: Distributed via e-mail attachment
