MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abd19a8615edd84adb5f0e3356fb7ef43036dacb2510eb170b94c073a365ab27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abd19a8615edd84adb5f0e3356fb7ef43036dacb2510eb170b94c073a365ab27
SHA3-384 hash: 1648918891cf4e2c798460af63b51f2c44eef06225ea2423cf710871bfa8811936900d46d72d8da4caab22a385a6b761
SHA1 hash: bf25d9faaff6162a45ec16eec8862e8fbfa8cbb3
MD5 hash: b1fe33f1db8499288b4a49d809c98131
humanhash: aspen-north-thirteen-iowa
File name:Proof Of Payment.xz
Download: download sample
Signature NanoCore
Create hunting rule
File size:743'460 bytes
First seen:2020-10-26 14:31:42 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 12288:QfREYQ5dK1Y4XsvtsN2Y+z64lO2uYq8ToqUtH+W5axH6RAuCHFxCw1zibXfrIuOc:QfREf5P9O2Y+zDaUMqUx+f/uVBt
TLSH 34F42323A8FFC4CE87755A5681D68E74CF180A1F1658BD6C3E5C0063A2971B72DBE18E
Reporter abuse_ch
Tags:NanoCore xz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.ndmpef.tk
Sending IP: 192.236.193.72
From: sales@avautos.co.za<sales@avautos.co.za>
Reply-To: <sales@avautos.co.za>
Subject: FW: Proof Of Payment
Attachment: Proof Of Payment.xz (contains "Proof Of Payment.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/abd19a8615edd84adb5f0e3356fb7ef43036dacb2510eb170b94c073a365ab27/
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 06:56:53 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vpizvbqv5xmevw27byzvn6366qydnwwleuiowfylstahhi3fvmtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

xz abd19a8615edd84adb5f0e3356fb7ef43036dacb2510eb170b94c073a365ab27

(this sample)

NanoCore

Executable exe c8be9dc730d65a14f19a17df74d074683ef2f6b479f7628f4f4a7b2231a2ea8a

  
Dropping
MD5 1fd91eb2f777016e4a0b904deeab3e5c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c8be9dc730d65a14f19a17df74d074683ef2f6b479f7628f4f4a7b2231a2ea8a

Comments