MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf7af688d297ca1eacbc2efd5b148e849ebb04316756db7b210c3dfee9d9424c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: bf7af688d297ca1eacbc2efd5b148e849ebb04316756db7b210c3dfee9d9424c
SHA3-384 hash: cf9e362ce1387f913a011edf0683a64a068658d2c7ab5f9b4de76222f90b10dd4f8060bdd8b2cddc9e5127daaff4dc8e
SHA1 hash: 830c8ec4ec63400785315414a3a1a99de0afed81
MD5 hash: f4ea4581decf0c3d8d9e1231681cf236
humanhash: colorado-massachusetts-maine-spaghetti
File name: Shiping Doc BL.PDF.z
Signature: NanoCore
File size: 304'472 bytes
First seen: 2021-01-03 14:38:55 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:7swFed8YMebTdoUgGxmaNi7x1LxHfevOtL2njF+OtvDqEGNntemGm0KhwM:lFeckTCoxNivLxHLyR+AvDqEGemGqt
TLSH: 8B54235EB3875954114188D8FD0584BAD9F88EAFB12A2E204B7F2090727DDD576FF438
Reporter: abuse_ch
Tags: NanoCore nVpn RAT z


abuse_ch
Malspam distributing NanoCore:

HELO: server.banderketyry.ga
Sending IP: 92.53.120.78
From: TNT EXPRESS INC <tnt@banderketyry.ga>
Subject: Consignment Notification: You have A Package With Us
Attachment: Shiping Doc BL.PDF.z (contains "Shiping Doc BL.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 240
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2021-01-03 14:39:04 UTC
AV detection: 10 of 45 (22.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

z bf7af688d297ca1eacbc2efd5b148e849ebb04316756db7b210c3dfee9d9424c (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments