MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 647a443ee452ca7df3fc63da77ee5cfc7e7dd597530a1984ef9a3e6e5671667d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 647a443ee452ca7df3fc63da77ee5cfc7e7dd597530a1984ef9a3e6e5671667d
SHA1 hash: ce0c6b962a09c6ab229fa57ab146f06af280c4ba
MD5 hash: 8c5acba822df4334079b07d54e2f2bfa
File name: Missing Invoices.jar
Signature: n/a
File size: 40'364 bytes
First seen: 2020-05-23 07:26:28 UTC
Last seen: Never
File type: Java file jar
MIME type: application/zip
ssdeep: 768:SW/Cj9Gd3KRTS3Gj3vb7CVVWj2ZTfuj5CoHJzqOrxgtsBA3cFvOJDc01rhtp0Is:S3Wq+38/cEK8rYd3JJrpDs
TLSH: A0030122ED1508CA529827B751298F03450E93543DA893FEA03D94BBEF463E0747DE7E
Reporter: @abuse_ch
Tags: jar NjRAT RAT


Twitter
@abuse_ch
Malspam distributing njrat:

HELO: thror.xzopiahosting.com
Sending IP: 80.76.219.45
From: Una Tormey <joanne@automationcontrolsltd.co.uk>
Subject: Invoice 56493 from O.K. finboroughschool
Attachment: Missing Invoices.zip (contains "Missing Invoices.jar")

Unknown RAT C2:
37.221.113.68:5551

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 21
Origin country: US
ClamAV: SecuriteInfo.com.JS.Trojan.Cryxos.3726.3374.878.UNOFFICIAL
VirusTotal: Virustotal results 29.51%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Java file jar 647a443ee452ca7df3fc63da77ee5cfc7e7dd597530a1984ef9a3e6e5671667d (this sample)

Delivery method: Distributed via e-mail attachment
