MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba94309be784e35da69f84051c674a914594645e9d0cf42508408cb033b14e55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba94309be784e35da69f84051c674a914594645e9d0cf42508408cb033b14e55
SHA3-384 hash: 7c93070db73cc6e0488fb3ef849975cfbdb62a921fe6b030d257548b0b07f09507aebe30ab0df9cb016e68d37c772f5b
SHA1 hash: 791eb956d0e69cd90ff790957e3af4b6b4752b43
MD5 hash: aaaf781ed476d1643899707e91895c77
humanhash: hamper-blue-papa-victor
File name:MARIAM HONAINE'S CV.7z
Download: download sample
Signature NanoCore
Create hunting rule
File size:519'841 bytes
First seen:2022-05-12 09:38:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:wZzTVeMEzm/miFUyv7BfxS/d3jeRgCkurxY:wZH0MUAtiyvtfEV3jeR6u1Y
TLSH T18AB4237C05EE566FB05BAC95B8F38D5A1E8093353AC55A09C0D63E128B9775CCCABB0C
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
230
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed replace.exe
Link:
https://www.filescan.io/uploads/627cd5da804c0977d3e54794/reports/e59506df-b3e5-4d44-bfc3-c14e77ce0afd/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/ba94309be784e35da69f84051c674a914594645e9d0cf42508408cb033b14e55
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ba94309be784e35da69f84051c674a914594645e9d0cf42508408cb033b14e55/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2022-05-12 09:21:05 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
9 of 41 (21.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xkkdbg7hqtrv3ju7qqcryz2ksfczizc6tugpijiiicglam5rjzkq._file
Result
Malware family:
nanocore
Create hunting rule
Score:
  10/10
Tags:
family:nanocore evasion keylogger spyware stealer suricata trojan
Link:
https://tria.ge/reports/220512-lml1dsbhe8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Checks whether UAC is enabled
NanoCore
suricata: ET MALWARE Possible NanoCore C2 60B
Malware Config
C2 Extraction:
deranano2.ddns.net:1187
194.31.178:1187
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ba94309be784e35da69f84051c674a914594645e9d0cf42508408cb033b14e55

File information

The table below shows additional information about this malware sample such as delivery method and external references.

NanoCore

zip ba94309be784e35da69f84051c674a914594645e9d0cf42508408cb033b14e55

(this sample)

NanoCore

Executable exe dd810d37c396be1e34d2fe8b76c5ff30c17b6bb64afcc1c682182fb6934a3f60

  
Dropping
SHA256 dd810d37c396be1e34d2fe8b76c5ff30c17b6bb64afcc1c682182fb6934a3f60
  
Dropping
MD5 06981ba465eb7eca5e8da7572511e3d1

Comments