MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 796f39a22ef929fb63d7d51181ca0501fa9ddf2f48e9df1c1e0e5183731b2d4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 6



SHA256 hash: 796f39a22ef929fb63d7d51181ca0501fa9ddf2f48e9df1c1e0e5183731b2d4d
SHA3-384 hash: 4084f0903c2664c9b089a8da09c241a9b4d89976df53e747f1bc57e6a2513e02f5c36ccc80f10b3dd024e0506ce236ca
SHA1 hash: 21ec6ce48153f20575b57b8b6d5855731e5cfb24
MD5 hash: 28ad0cd53851b9f95638c150a2a60816
humanhash: mexico-enemy-william-skylark
File name:28ad0cd53851b9f95638c150a2a60816
Signature NanoCore
File size:1'027'415 bytes
First seen:2022-12-01 00:15:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:CwUTyeJYJ6qDDVzPePZtpg/znHsJaAO6XU1LSQqCrr:zUTXJe6qDBrcZ/gbnoaAOKQqCrr
TLSH T19E253312590C3E0F617DA6E0E6FD5ABCEB8ADB31C3D305824535D290259F54BAFCCA91
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter zbetcheckin
Tags:NanoCore zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a
File Archive Information

This file archive contains 32 file(s), sorted by their relevance:

File name:tmoskqvhgk.xls
File size:501 bytes
SHA256 hash: 8707857aa5cbc622c90867a9fbc9e9883d36363d15f680fe31b86ef05bfbc3e8
MD5 hash: 12ce7af16bf8b91afcdad8affc010af4
MIME type:text/plain
Signature NanoCore
File name:erovgptdv.mp3
File size:96'231'002 bytes
SHA256 hash: d8f10bfc38580231755a86ccd651512b990d5aadc0248977a6e2153e26bb8025
MD5 hash: c43678e9746e9ac9c92a3a4ff59e65af
MIME type:application/octet-stream
Signature NanoCore
File name:unxbvqtr.msc
File size:52'170 bytes
SHA256 hash: ec8731a8962951860f833bfd7f80d338b091181bb97f471213207c40af4e3df8
MD5 hash: a45453fef6a35f6e243087732ef43760
MIME type:text/plain
Signature NanoCore
File name:qwxrdnc.txt
File size:727 bytes
SHA256 hash: 3c65e27ae71f2e1008589fbe7d5042db438ff7184e0d510f6b52d8330c9bcbe6
MD5 hash: f382acccf3afc9ac5448790afc8e38a4
MIME type:text/plain
Signature NanoCore
File name:htqeepkr.docx
File size:505 bytes
SHA256 hash: 9f0ef7152c5a9917fe9f1adbc46e8c146daa7bf0460448eab034a9d7c06722a1
MD5 hash: 5041f713f7dcfd448c8b12679191533e
MIME type:text/plain
Signature NanoCore
File name:lodtkbxjcj.exe
File size:612 bytes
SHA256 hash: c5d9db94181b063ebc5988138334f38ac2d834ac052cc307e04791eb3af9a730
MD5 hash: 69f80a1625d2126b60e67fd1933f4207
MIME type:text/plain
Signature NanoCore
File name:idbepjpke.xl
File size:556 bytes
SHA256 hash: a5f129120e29fb15b808584ff5e826f6d07c5087928c139e955a41881c003e77
MD5 hash: 3ab5f6dfe64c9b8de91b073157e7db56
MIME type:text/plain
Signature NanoCore
File name:xbkfqquh.pdf
File size:608 bytes
SHA256 hash: d9f048b7e83e4c30f0e3292684e469c2eea180cd35feb3505e96693a122031f5
MD5 hash: 468ba215c2c9bf488c6f6e986d45dc28
MIME type:text/plain
Signature NanoCore
File name:csgnet.xls
File size:511 bytes
SHA256 hash: 32bfa385ea7c097b74568079a61cadbd669d52c5dc0d22be5cc2271be39e7ffb
MD5 hash: c4b043c58999953bf79ee2871814344e
MIME type:text/plain
Signature NanoCore
File name:tvfxjqf.bin
File size:577 bytes
SHA256 hash: 595a7ac8441de74b58c3f859775dd92e8d91f62924bcabb4364b8202ac4d865f
MD5 hash: 8cd9d18f84143424bdbb73fa0248c3b7
MIME type:text/plain
Signature NanoCore
File name:dpxfojqmao.jpg
File size:541 bytes
SHA256 hash: 6c3991a9aaee4c1f9d42cbdd8dc42a2fe8a973e57b52057e4192a04b4a72d355
MD5 hash: 40366a273ccc3b62210d6583988f90b0
MIME type:text/plain
Signature NanoCore
File name:wmurkivjpc.msc
File size:517 bytes
SHA256 hash: 0ecf41533e6c18b14afe26651e0055f3f315521071b04a683147568807a25b4a
MD5 hash: 5a6951770a9435396160a8699b0ed298
MIME type:text/plain
Signature NanoCore
File name:plwvglpjf.dat
File size:694 bytes
SHA256 hash: e77cd5e378f550642c53bc773b40f07a9f844a312ff0e4010e52cb4e3772482f
MD5 hash: 69301c3ad434ae911564da4ca5408717
MIME type:text/plain
Signature NanoCore
File name:qtsjhal.xml
File size:598 bytes
SHA256 hash: 9e8d8b3c3ee6fa16865e05e353b8b6b3553c6a0ff32474cfb9a62b594be1a226
MD5 hash: 2655273d40745f4969b26d9d61b0eba7
MIME type:text/plain
Signature NanoCore
File name:tbtjae.msc
File size:624 bytes
SHA256 hash: c62873d3b0be064e7db1ebf7d657f616e2d4a75d2e08618955ad9c8b82206f2b
MD5 hash: d48302a4a9c3a70d1a3dbf539a63c4d3
MIME type:text/plain
Signature NanoCore
File name:djetqlklg.xml
File size:624 bytes
SHA256 hash: 9384551d7b408dd764979f01df288d979c350660175c2baa5165bee7c0ebaf57
MD5 hash: b145da6315f2e809849bb62c76c04720
MIME type:text/plain
Signature NanoCore
File name:hvceeho.ppt
File size:643 bytes
SHA256 hash: a9d0bb4f6f104e74ef0fbde3ac4a7809dbb187ad0187d6777cb3392b21cb2a27
MD5 hash: eb3dcf5aec8e4bb7bc6c642100979a34
MIME type:text/plain
Signature NanoCore
File name:kvum.xml
File size:623 bytes
SHA256 hash: b700c08da20a9443c32edc1a8a8022757c7c7aab29004d7d345be044f649c34c
MD5 hash: bb2438a0442d87fdf4d5882bd5f544de
MIME type:text/plain
Signature NanoCore
File name:jvudqinxb.xl
File size:661 bytes
SHA256 hash: 8bd0c61dd5ab4dc1ed2e1c079e4bb0ea6dfef91e443aeedc447a2979050df44b
MD5 hash: 624872749028b73e0a2b1f3caddb62b5
MIME type:text/plain
Signature NanoCore
File name:bkwajwr.docx
File size:696 bytes
SHA256 hash: 5689bb75f941144795290bb557bd5b74a2cc833480444125fae805104fea7f02
MD5 hash: 7b3847d7992b96b84e2d5b5617f787a1
MIME type:text/plain
Signature NanoCore
File name:lbjedtahbv.exe
File size:965'044 bytes
SHA256 hash: 9fc7375923bd996c3faf56495f07ab665d0e07cd311874b0c841959f99792907
MD5 hash: e8273675c4c1675943e9bdcf90ab97af
MIME type:application/x-dosexec
Signature NanoCore
File name:gbee.dll
File size:546 bytes
SHA256 hash: d096b08b6524eaddc4c6319e1e929927a94c0339a5353c05bde0d4af3acb52e9
MD5 hash: 79fc9193d1665394721f61bb3986c451
MIME type:text/plain
Signature NanoCore
File name:kxbcgbtm.xls
File size:740 bytes
SHA256 hash: 28e5edabdc7bc4e05c1ae34e094c0353e06a947506c88ed6ea74e6ef0cbf2b4b
MD5 hash: 2eec25f97b268955a0112f3020963007
MIME type:text/plain
Signature NanoCore
File name:luwincfe.xml
File size:546 bytes
SHA256 hash: 35aa0bf8bbaa990329f664f021ec1dd6083dc523bc7afcf886c79faa0f03e45e
MD5 hash: 5a56cefdb127b53db6891194b5d45fdd
MIME type:text/plain
Signature NanoCore
File name:tnboas.xke
File size:428'573 bytes
SHA256 hash: 9c03de5ead6a9cff7e1994f76dd81bce49a8fd6f6895f6a6116609d947d667a5
MD5 hash: 4df3ef316de715e1f82556250827dc9c
MIME type:text/plain
Signature NanoCore
File name:mgknj.xls
File size:591 bytes
SHA256 hash: ecf029e7c785af1916e60f598e1b3372eb929f7ba462275b1fd5bb3c74cad67f
MD5 hash: 10e1147235b47c1351d1be7c5585e460
MIME type:text/plain
Signature NanoCore
File name:dtfh.bin
File size:604 bytes
SHA256 hash: 8beb651b49977a2a63f344d43e96f4d74468a7751cd13381d92edd33f3378961
MD5 hash: c674f4a16541b94ec0a672725dcff2b0
MIME type:text/plain
Signature NanoCore
File name:poustmi.vbe
File size:70'718 bytes
SHA256 hash: 5776001bf988fd4c14d9ae098eef0a9227e7033e8d0fbc70dea5573da6fd50a4
MD5 hash: 67c05f68180e2eb78461c027eb98149e
MIME type:text/plain
Signature NanoCore
File name:wgccw.xml
File size:621 bytes
SHA256 hash: c17c39b5e4fe1ec91468e880cbc3d1960938a715fcfb9921ebea799072d96552
MD5 hash: 692626f291b3451b07c70baff345a052
MIME type:text/plain
Signature NanoCore
File name:gsreflbjaf.mp3
File size:709 bytes
SHA256 hash: 3728e98daa719ec08e67b52e9af388d37b5225bad7304bab2a031e1e3b46ac2c
MD5 hash: 4ef080f5a221bfd3423b7d850de13712
MIME type:text/plain
Signature NanoCore
File name:fqxwgllvth.txt
File size:723 bytes
SHA256 hash: dae859fc37e9308ee13a5e6b05550125eda6095f860f7c2ea2092cd78e7c8d08
MD5 hash: 765b5ac8fe9be4e993a9d9262cf5083e
MIME type:text/plain
Signature NanoCore
File name:gdwgren.docx
File size:573 bytes
SHA256 hash: e33aa393a54d7922b107b5d3642d4bdb10c3f1e96a95ad386dbf33f4368e02ac
MD5 hash: d6efcc6d8e240402747165c4cf086840
MIME type:text/plain
Signature NanoCore
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware overlay packed setupapi.dll shdocvw.dll shell32.dll

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2022-11-30 19:21:47 UTC
File Type: Binary (Archive)
Extracted files: 59
AV detection: 22 of 41 (53.66%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NanoCore

zip 796f39a22ef929fb63d7d51181ca0501fa9ddf2f48e9df1c1e0e5183731b2d4d

(this sample)

  
Delivery method: Distributed via web download

Comments



zbet commented on 2022-12-01 00:15:37 UTC

url : hxxps://litter.catbox.moe/ysziws.z