MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 534f5d9a1a67455296bd856a08ceaaa7bab7ce38d5c839578958b931c3d0f9c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 534f5d9a1a67455296bd856a08ceaaa7bab7ce38d5c839578958b931c3d0f9c6
SHA3-384 hash: 50a26bb621465de7e705a3d939cc4e2f82dd27f2f8b01e5965bd4fee58cdaeb843379cbbc52045fa5a8ee4862c46f0c8
SHA1 hash: 7487ad1725e5dbd5e95e462730f137559881d86c
MD5 hash: e0ef3f5a94aef6b04d7edbabbb5b9cb4
humanhash: pluto-avocado-mexico-lake
File name: Consignment Documents PL&BL Draft.rar
Signature: NetWire
File size: 264'686 bytes
First seen: 2020-05-20 04:21:48 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:cMbn0kCvJwMtVQgcMFpL2Ok6U75AYiYQL4qFhzfBb2BEU:D0bvJwUVQgcMbE6U+pLT0Br
TLSH: 0844239DB454294363A2E5C239245771B9C600D241687F55E3EC82B73A2A131ECEBFFD
Reporter: cocaman
Tags: NetWire rar


cocaman
Malicious email
From: TNT EXPRESS <service@tnt.com>
Received: from cloudhost-109205.us-west-1.nxcli.net (cloudhost-109205.us-west-1.nxcli.net [173.249.144.251])
Date: Tue, 19 May 2020 18:01:24 -0700
Subject: Consignment Notification: You have A Package With Us
Attachment: Consignment Documents PL&BL Draft.rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 04:35:25 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar 534f5d9a1a67455296bd856a08ceaaa7bab7ce38d5c839578958b931c3d0f9c6 (this sample)

Delivery method: Distributed via e-mail attachment
