MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba4a9efc049a0054b26686a37bbf44eb7aae8a9245eee697c8a4c70460a506b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: ba4a9efc049a0054b26686a37bbf44eb7aae8a9245eee697c8a4c70460a506b4
SHA3-384 hash: dde9fbd00313a0404c9fd8331ff574c45ff1a18e839584a71e3e4bdd6cd2eed1034e61e325e4d2444d751b1db4834f5a
SHA1 hash: 3151ef4bcf455e9fa0dcbb6c115434bb2d0c20ae
MD5 hash: 2b163c9d080b1e55cf46f9b175c4dede
humanhash: hamper-nevada-black-table
File name: SWIFT TRANSFER.zip
Signature: NanoCore
File size: 279'083 bytes
First seen: 2020-10-06 18:24:25 UTC
Last seen: 2020-10-07 05:01:49 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:sAFI0x6Gh/D+ay4tF0oTfp9weRImsaUt9q0kaO/qc9k:sAzx6GqYT0eRIVaUvkaOle
TLSH: CC5423A1CEBE88AFD763113AA5B4189DB994BC2436A273FE129CA77B431DCF5001D470
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: telkomsa.net
Sending IP: 95.211.208.23
From: mahindranorthcoast@telkomsa.net
Subject: FW: SOA Review Done : Inter Bank Transfer(IBG) URGENT
Attachment: SWIFT TRANSFER.zip (contains "SWIFT TRANSFER.exe")

Intelligence


File Origin
# of uploads: 3
# of downloads: 133
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Coins
Status: Malicious
First seen: 2020-10-06 14:45:31 UTC
File Type: Binary (Archive)
Extracted files: 59
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip ba4a9efc049a0054b26686a37bbf44eb7aae8a9245eee697c8a4c70460a506b4 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
