MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1821c76e7fd8ea62e22567fbacadaea756aa9120e4a89898256a6c83ddbb7b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: a1821c76e7fd8ea62e22567fbacadaea756aa9120e4a89898256a6c83ddbb7b6
SHA3-384 hash: 7c96dd4048c8d3adc26028f3e3650d2a9b35d04271021d4366af1ef0b060e7226ee4d3f195eb3c67aa363bea932b4973
SHA1 hash: 89ef9068266241b07809cd271df440a537baed3a
MD5 hash: d2670da998c7372725797fdbf8905765
humanhash: lithium-ink-timing-high
File name: Quotation ATB-PR28500KINH.r11
Signature: NanoCore
File size: 619'278 bytes
First seen: 2020-11-20 07:48:01 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:+GwpvjO++kIcxd924hiXLui6YkqPJsA6nbZtMN:+pirjqNI796YTPONdtMN
TLSH: 9ED4232F43F483BE528799F15DE0CE6B256505C02C3C3A1B3A1ADE3AA885B7B15246F5
Reporter: abuse_ch
Tags: r11


abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.authight.com
Sending IP: 45.85.90.125
From: marmoles@gruposanmarino.com
Reply-To: office@amianeen.com
Subject: Urgent Quotation Product
Attachment: Quotation ATB-PR28500KINH.r11 (contains "Quotation ATB-PR28500KINH.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 105
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Hacktool.Mimikatz
Status: Malicious
First seen: 2020-11-20 00:05:34 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar a1821c76e7fd8ea62e22567fbacadaea756aa9120e4a89898256a6c83ddbb7b6 (this sample)

Delivery method: Distributed via e-mail attachment
