MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abbd2543cb97f4ac65d6b7f2a0b41de2f6afb1e0ea8c509f650b1f0179bceb9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abbd2543cb97f4ac65d6b7f2a0b41de2f6afb1e0ea8c509f650b1f0179bceb9c
SHA3-384 hash: 13cc6e5a30be6bad1da6d88590fc9bbc17593039e4abfec21fe6266b481b91f0fd90440e8c385940792434852e6f2ac8
SHA1 hash: 6e124f8c9cde34e0136d561dbc659f88455f9a1e
MD5 hash: ae27b286ad2e73803a6072a62139cb2a
humanhash: lactose-butter-october-seven
File name:Proof Of Payment.iso
Download: download sample
Signature NetWire
Create hunting rule
File size:1'310'720 bytes
First seen:2020-10-12 05:53:39 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:oMOLuS9JS8sBj2veFzWjAAMPmHPlCshhv0DT6kNgIiAc:YLuS9JSFtqaza2FshZ4Puj
TLSH 0355D06127B59F86E17E8BF50224155043F93A2B386EF2593DCA29EF1BB4F418600F67
Reporter abuse_ch
Tags:iso NetWire RAT


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: relay.enetworks.co.za
Sending IP: 41.222.50.15
From: phmontrose <reservations@phmontrose.co.za>
Subject: Proof Of Payment
Attachment: Proof Of Payment.iso (contains "Proof Of Payment.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
149
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/abbd2543cb97f4ac65d6b7f2a0b41de2f6afb1e0ea8c509f650b1f0179bceb9c/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2020-10-12 01:34:29 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vo6skq6ls72kyzoww7zkbna54l3k7mpa5kgfbh3fbmpqc6n45ooa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/abbd2543cb97f4ac65d6b7f2a0b41de2f6afb1e0ea8c509f650b1f0179bceb9c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

iso abbd2543cb97f4ac65d6b7f2a0b41de2f6afb1e0ea8c509f650b1f0179bceb9c

(this sample)

NetWire

Executable exe 4255ae6b31d6068463b663c1871ac8cee3461b0d3fbf642f96cf9a3e8817803c

  
Dropping
MD5 30bb37df41628496e88b0c711f98df21
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4255ae6b31d6068463b663c1871ac8cee3461b0d3fbf642f96cf9a3e8817803c

Comments