MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f36e385147d4fa99b57eea994cb9cca382f03e9dbc1c4277d859ec712b2de3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 0f36e385147d4fa99b57eea994cb9cca382f03e9dbc1c4277d859ec712b2de3f
SHA3-384 hash: c5ad57099ecd19bd06677f83141810b56ec024a995560fc10e8d5ca7cd780ba0b7f3b3320b9f1503d9dccf318a25badf
SHA1 hash: 4433b22f69e47697d27eded3d4704193a5b5a889
MD5 hash: 11c330f9cf6b9d5107bc2bb2bc683f71
humanhash: spaghetti-mango-alpha-timing
File name: MTIR18860_2101013335_209996759.PDF.IMG
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2020-05-20 07:51:43 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:UR9VZ1X3J6u7kj5L8Q3iw/8ws97x6FqOtTMPcJUIZxwJL9hp2:U37evR8pX6FbTSEwT
TLSH: 5E457E1E67745FE6D92EAB31400632864036FCC32A52BB376F4876955A31A9C0CFB9C7
Reporter: abuse_ch
Tags: AZORult img NetWire RAT SCB


abuse_ch
Malspam distributing NetWire:

HELO: server.gmdsa.us
Sending IP: 95.217.249.38
From: SCB <scbcampaign@mail.scb.co.th>
Subject: Credit Advice from SCB
Attachment: MTIR18860_2101013335_209996759.PDF.IMG (contains "MTIR18860_2101013335_209996759-PDF.exe")

NetWire RAT C2:
174.127.99.159:7882

AZORult C2:
http://www.kahtamarkalar.com/blx/index.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 03:35:16 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img 0f36e385147d4fa99b57eea994cb9cca382f03e9dbc1c4277d859ec712b2de3f (this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
