MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 fa32a3064a94a3110b8acda764a1c3ee510da0e8991c0d13ccb9b49dedc4f492. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
NanoCore
Vendor detections: 5
| SHA256 hash: | fa32a3064a94a3110b8acda764a1c3ee510da0e8991c0d13ccb9b49dedc4f492 |
|---|---|
| SHA3-384 hash: | 10d438fdab4868affbff2ea5a424d96f20eecd823b4db86ef1dbfbdd4237af24f8fd3168d590bbea7b7a7a5ed095e054 |
| SHA1 hash: | 12ae862e8c965e7b963208fbe7f919f3fcc72049 |
| MD5 hash: | bb7de129e11fc4b183df2be13475db49 |
| humanhash: | alabama-alaska-mobile-beer |
| File name: | RFQ CL-2021 - 0188 ROCKWELL LAND (WEVER).xls.zip |
| Signature | NanoCore |
| File size: | 1'032'809 bytes |
| First seen: | 2021-08-03 06:20:23 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 24576:7lWYPeO5jeZxNfsILpEAS4nhKm7NvSAPRT+iExpT1t:xUO5jyNZBSAPV03D |
| TLSH | T1A225330C39187D245910D776980FA7ABD1FC2F916A86EF4B2CB9ECDD2B48C4A153172B |
| Reporter | |
| Tags: | NanoCore zip |
cocaman
Malicious email (T1566.001)
From: ""Maricon Teodoro" <EXPRESS_ADG@ismarine.com.tr>" (likely spoofed)
Received: "from ismarine.com.tr (unknown [45.137.22.38]) "
Date: "03 Aug 2021 06:35:46 +0200"
Subject: "RFQ - ROCKWELL LAND "
Attachment: "RFQ CL-2021 - 0188 ROCKWELL LAND (WEVER).xls.zip"
Intelligence
File Origin
# of uploads: 1
# of downloads: 621
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2021-08-03 06:21:05 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 15 of 46 (32.61%)
Threat level: 5/5
Detection(s): Suspicious file
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Malicious File
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method: Distributed via e-mail attachment