MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b2073dc1d040030490fc5ccd754120af88334825c88ee088539122aeece4e86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b2073dc1d040030490fc5ccd754120af88334825c88ee088539122aeece4e86
SHA3-384 hash: 752157ef26e68b0375bdfd6705786022d2ffb20bfba8136e75472513f37bf86291a34ceac28b7d9523115e3a83f75ee4
SHA1 hash: 93872739564b1d12f600dadb2857445d8c6f9f26
MD5 hash: 24a005a1488f71fb65d78eeb4d5e4876
humanhash: rugby-steak-zulu-juliet
File name:Tax Invoice.PDF.img
Download: download sample
Signature NetWire
Create hunting rule
File size:1'507'328 bytes
First seen:2022-09-01 09:04:32 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:6F75eqnN7org1+XKeT3unq0jEnrDtyejzJegPwqoXY+mzoRtbvRT7:6Z51ndoNXHynlAnrDYoleXY+mzo3bv
TLSH T1A96502499684C3B5F42B1BB01171F12896BEBE159671C28DBECFB1EC4BB8B125217A07
TrID 99.6% (.NULL) null bytes (2048000/1)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter cocaman
Tags:img INVOICE NetWire


Avatar
cocaman
Malicious email (T1566.001)
From: "Afrisam <lil.kem@positivepunt.com>" (likely spoofed)
Received: "from xjjkftoo.positivepunt.com (xjjkftoo.positivepunt.com [85.217.145.48]) "
Date: "Thu, 01 Sep 2022 07:57:24 +0100"
Subject: "Re: SSP115CC Invoice"
Attachment: "Tax Invoice.PDF.img"

Intelligence

File Origin
# of uploads :
1
# of downloads :
200
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1427-2.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
75%
Tags:
fareit packed remcos
Link:
https://www.filescan.io/uploads/631075c3a7450371f69609a4/reports/21d53e2a-43e1-4b0e-9576-d207d0838a69/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b2073dc1d040030490fc5ccd754120af88334825c88ee088539122aeece4e86/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-09-01 08:09:53 UTC
File Type:
Binary (Archive)
Extracted files:
32
AV detection:
17 of 40 (42.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dmqhhxa5aqadasipyxgnovasbl4igneclseo4cefhejcv3woj2da._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1b2073dc1d040030490fc5ccd754120af88334825c88ee088539122aeece4e86

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img 1b2073dc1d040030490fc5ccd754120af88334825c88ee088539122aeece4e86

(this sample)

NetWire

Executable exe 5e6ed3f0eda07ab20f0de1f4c2f9e355a558de4f53b1f81cadae2f3b2d4609a4

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5e6ed3f0eda07ab20f0de1f4c2f9e355a558de4f53b1f81cadae2f3b2d4609a4
  
Dropping
NetWire
  
Dropping
MD5 1ae5aa67399707e81cf4fa93f127ebe5

Comments