MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c701c490d088152e4a1fb24f623ef55de07f997f8dfe76ca1b4bca0f4996e96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 9c701c490d088152e4a1fb24f623ef55de07f997f8dfe76ca1b4bca0f4996e96
SHA3-384 hash: 48b1bfeba30dfd7e05ae1e5f3d22c9acc958590553adbb98b0574863f0e5751f77dc610cd4350cf7c1a1ba68b10a06a9
SHA1 hash: fee0aab5cd90c863a6a6bdc980158c2b01b1ac8f
MD5 hash: 36718180d0f4f928675ca6b5d7c87b0b
humanhash: kansas-william-bulldog-nineteen
File name: DOC8743340924789.iso
Signature: NanoCore
File size: 6'004'736 bytes
First seen: 2021-03-22 07:28:17 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 98304:oS/Sg19q//qJVXE+/rC7T/CufPXe0Gt4VPN4cEgeJqZFBZz0KcUMCTI56p:oSag19q//eEaCCufPOz4V1BEgHZF/YKj
TLSH: 1B56F149B7A86E4BD11E0B758463D95C82E0E5A66333F35F39C7BCD9A9313A58C0F092
Reporter: abuse_ch
Tags: iso, NanoCore


abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.ge-ticaret.com
Sending IP: 203.159.80.130
From: Ronald Rina <rrina@smediasys.com>
Reply-To: rrina-smediasys@post.com
Subject: Request For QUOTE (INNOVATION PROJECT)
Attachment: DOC8743340924789.iso (contains "DOC8743340924789.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 156
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-22 02:27:03 UTC
AV detection: 8 of 47 (17.02%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 9c701c490d088152e4a1fb24f623ef55de07f997f8dfe76ca1b4bca0f4996e96 (this sample)

Delivery method: Distributed via e-mail attachment
