MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c61b30352d1b30b2dcb1a52b5180e11278e06c33e91bbb89b2c819e13358c27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c61b30352d1b30b2dcb1a52b5180e11278e06c33e91bbb89b2c819e13358c27
SHA3-384 hash: 6c4a71a6d63045b8b33ef1ca330e5ff64b5de915cbb501a436a48101705fff9558ba8286862fb6d6aebb6d27e715cf53
SHA1 hash: 8a501f14a8c584f5eb90b919f3e6bc943efc7c98
MD5 hash: c5ba11a890e0666144d4ed080571323a
humanhash: queen-burger-saturn-charlie
File name:IM202208198850.JPG.IMG
Download: download sample
Signature NetWire
Create hunting rule
File size:1'310'720 bytes
First seen:2022-08-19 09:00:38 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:GCuCMuw1eDV84Njaw7laCPIFDum+y2eN:qjenNL7lboOyt
TLSH T1105501A1366C9791C0AA0BF51895CF0853B17CE3E92EEA0ABDCDF1CA1731741CA51A1F
TrID 99.4% (.NULL) null bytes (2048000/1)
0.2% (.ISO) ISO 9660 CD image (5100/59/2)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter cocaman
Tags:img INVOICE NetWire


Avatar
cocaman
Malicious email (T1566.001)
From: "OUTSURANCE <admin@kiaemail.top>" (likely spoofed)
Received: "from mail.kiaemail.top (unknown [103.151.238.153]) "
Date: "Fri, 19 Aug 2022 09:42:34 +0100"
Subject: "invoice PO09844"
Attachment: "IM202208198850.JPG.IMG"

Intelligence

File Origin
# of uploads :
1
# of downloads :
365
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1496.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62ff51c62093f735286ed249/reports/3d9969d6-7466-4c3e-8b10-c8d507d46b3b/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c61b30352d1b30b2dcb1a52b5180e11278e06c33e91bbb89b2c819e13358c27/
Threat name:
ByteCode-MSIL.Backdoor.NetWiredRc
Create hunting rule
Status:
Malicious
First seen:
2022-08-19 09:01:06 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
7 of 40 (17.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lrq3ga2s2gzqwloldjjlkgaocety4bwdh2i3xoe3fsaz4ezvrqtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c61b30352d1b30b2dcb1a52b5180e11278e06c33e91bbb89b2c819e13358c27

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img 5c61b30352d1b30b2dcb1a52b5180e11278e06c33e91bbb89b2c819e13358c27

(this sample)

NetWire

Executable exe d08f75542680080f9d3393fc3bb0ced3c30335db5030c1f38a8d7a7aadb15794

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d08f75542680080f9d3393fc3bb0ced3c30335db5030c1f38a8d7a7aadb15794
  
Dropping
NetWire
  
Dropping
MD5 c1ca174fbfc7936f8d9d0aad755f29cf

Comments