MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba2970f451e208bde517ed46ca8f7a55263d122a11bedaaf8188ff2a34c609d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba2970f451e208bde517ed46ca8f7a55263d122a11bedaaf8188ff2a34c609d5
SHA3-384 hash: 1af0db32eea4f11f4b0b619f6813eabb54faa4d5f54655fa854045600b9eb4697a0f9cccda0b9937c7da4aec15f3350d
SHA1 hash: ddb5fad574b867ad8e3802052e560f55e200505d
MD5 hash: 1aa528ae0762cc74e119112dd15e5bc8
humanhash: bakerloo-diet-wolfram-west
File name:PO,,, Quote No. 291177_255564GYH01 1192643-2152021,pdf.iso
Download: download sample
Signature NanoCore
Create hunting rule
File size:759'808 bytes
First seen:2021-02-15 19:48:58 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:Dc3yHyluF1BPZtZBarirFMwiJhL5xXQzYgo8XnLkZqrXhvVl:CyHygFTxIirXizjXQzYaLkZoXx
TLSH 1AF40189FB5092A9DC2D67702836C83019237C39A1B5571D3ECE3E6B3FB73A29112657
Reporter abuse_ch
Tags:iso NanoCore RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: learsoft.com.ar
Sending IP: 190.210.215.185
From: ZIAS-MACHINERY PURCHASING TEAM <chris.z@zias-machinery.com>
Subject: PURCHASE ORDER-291177
Attachment: PO,,, Quote No. 291177_255564GYH01 1192643-2152021,pdf.iso (contains "PO,,, Quote No. 291177_255564GYH01 1192643-2152021,pdf.scr")

NanoCore RAT C2:
newlogs.ddns.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_pdf.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Packed2.42845.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ba2970f451e208bde517ed46ca8f7a55263d122a11bedaaf8188ff2a34c609d5/
Threat name:
ByteCode-MSIL.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2021-02-15 15:17:59 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xiuxb5cr4iel3zix5vdmvd32kutd2erkcg7nvl4brd7sunggbhkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ba2970f451e208bde517ed46ca8f7a55263d122a11bedaaf8188ff2a34c609d5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso ba2970f451e208bde517ed46ca8f7a55263d122a11bedaaf8188ff2a34c609d5

(this sample)

NanoCore

Executable exe 1e84802e4da3346e3e59e6da6054df5e2dd12b5a8b4df058cef5a43108cf07df

  
Dropping
MD5 9df5e54a0aca7bcce788eb771bf399fd
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1e84802e4da3346e3e59e6da6054df5e2dd12b5a8b4df058cef5a43108cf07df

Comments