MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba342ab5e659c9ef3ccde3b77bdca2dd7b175cc895ea49ae92b09487817e4377. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3

SHA256 hash: ba342ab5e659c9ef3ccde3b77bdca2dd7b175cc895ea49ae92b09487817e4377
SHA3-384 hash: b36a6c429fda67da261d9d529effe933076966e4a93a23e6ee1d42c9e19c6df3d38e92d01b9a8d29cc29617d1d51b791
SHA1 hash: 9ab3616d6dd427b2a0fa793beffc490e801764f8
MD5 hash: 2327a782f4b41f48096176cc89fe2a04
humanhash: mexico-louisiana-hydrogen-wyoming
File name: invoice copypdf.z
Signature: NanoCore
File size: 448'570 bytes
First seen: 2020-12-03 16:45:39 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:qboMR+S8Zf2EpsmgAafSmrg0Bw66X/I3mQsC7VBYGOeD/R+ZIGBrhbZzjH+GNSfe:qIddFovM26A3mQJxBES/RCrHzjJEvvm
TLSH: 9094238ECEFAE5302F061036E182A3972560A47FE701498FDE48DE67D9511F439BD2CA
Reporter: cocaman
Tags: NanoCore, z


cocaman
Malicious email (T1566.001)
From: "Account Department <rud-division@alkuhaimi.com>" (likely spoofed)
Received: "from alkuhaimi.com (unknown [45.137.22.56]) "
Date: "3 Dec 2020 16:02:27 -0800"
Subject: "=?UTF-8?B?Rlc6IOWbnuWkjTogcGFpZCBpbnZvaWNl?="
Attachment: "invoice copypdf.z"
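Two things on this entry are worth checking mechanically before handling the sample: the four digests listed above (so you know the file you are looking at is the one the entry describes), and the attachment's container type, because the entry reports a `.z` extension (normally Unix compress) but a MIME type of `application/x-rar`, so the extension is part of the lure rather than a description of the content. The reporter's subject line is also an RFC 2047 encoded word that has to be decoded before it is readable. The following script is an added example, not MalwareBazaar's code or the reporter's; it hashes a file, compares against the IOCs copied from this page, sniffs the archive format from its leading bytes, and decodes the subject header. The magic-byte table and the `extension_mismatch` helper are my own assumptions about which container each extension is supposed to mean; the sample bytes in the usage are constructed, since the real file is not embedded here.

```python
import hashlib
from email.header import decode_header, make_header

# IOCs copied from this MalwareBazaar entry (hex, lowercase).
IOCS = {
    "sha256": "ba342ab5e659c9ef3ccde3b77bdca2dd7b175cc895ea49ae92b09487817e4377",
    "sha1": "9ab3616d6dd427b2a0fa793beffc490e801764f8",
    "md5": "2327a782f4b41f48096176cc89fe2a04",
    "sha3_384": "b36a6c429fda67da261d9d529effe933076966e4a93a23e6ee1d42c9e19c6df3d"
                "38e92d01b9a8d29cc29617d1d51b791",
}

# Assumed magic bytes for the containers a ".z" lure might really be.
# The entry lists MIME type application/x-rar despite the .z extension.
MAGICS = {
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),  # RAR v4 / v5
    "compress": (b"\x1f\x9d",),                              # genuine Unix .Z
    "gzip": (b"\x1f\x8b",),
    "zip": (b"PK\x03\x04",),
}

# Assumed mapping from extension to the container it claims to be.
CLAIMED_BY_EXT = {"z": "compress", "gz": "gzip", "rar": "rar", "zip": "zip"}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the entry lists, hex-encoded and lowercase."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_iocs(data: bytes, iocs: dict = IOCS) -> bool:
    """True only if every listed digest matches. One mismatch means this is
    not the file the entry describes (or it was altered on the way)."""
    got = hash_bytes(data)
    return all(got[name] == value.lower() for name, value in iocs.items())


def sniff_container(data: bytes) -> str:
    """Identify the archive format from its leading bytes, ignoring the name."""
    for name, signatures in MAGICS.items():
        if any(data.startswith(sig) for sig in signatures):
            return name
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims one container and the bytes show another."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = CLAIMED_BY_EXT.get(ext)
    return claimed is not None and claimed != sniff_container(data)


def decode_subject(raw: str) -> str:
    """Decode an RFC 2047 encoded-word header such as the reporter's Subject."""
    return str(make_header(decode_header(raw)))


if __name__ == "__main__":
    import sys

    # Usage: python check_sample.py <downloaded sample>
    # The constructed RAR v4 header below stands in when no path is given.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"Rar!\x1a\x07\x00" + b"\x00" * 16
    print("digests match entry :", matches_iocs(data))
    print("container           :", sniff_container(data))
    print("extension mismatch  :", extension_mismatch("invoice copypdf.z", data))
    print("subject             :", decode_subject("=?UTF-8?B?Rlc6IOWbnuWkjTogcGFpZCBpbnZvaWNl?="))
```

Run it against the downloaded sample; a `True` from `extension_mismatch` together with `rar` from `sniff_container` is exactly the extension-versus-content discrepancy the File type and MIME type fields above already hint at, and it is a cheap signal to carry into mail-gateway or EDR rules for attachments whose declared type and real container disagree.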

Intelligence

File Origin
# of uploads: 1
# of downloads: 219
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Bluteal
Status: Malicious
First seen: 2020-12-03 16:46:05 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: NanoCore
Sample: z ba342ab5e659c9ef3ccde3b77bdca2dd7b175cc895ea49ae92b09487817e4377 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: NanoCore

Comments