MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e07a068890fe021969958f20db17946378f41bc603a628c6d8a54d0b0a34fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 6



SHA256 hash: b0e07a068890fe021969958f20db17946378f41bc603a628c6d8a54d0b0a34fb
SHA3-384 hash: c271d275f38cea00e776174fa6f0111c8c9fc5d947be9e3716a8a868651c3a9342c3146e4c71ea5140cb3fc39db168de
SHA1 hash: 451dfda2c613538a7ad69c19ef6bb467f256419d
MD5 hash: 2c7c91e69821eaaf9c547fac79a52e66
humanhash: six-batman-salami-east
File name: tax invoice.img
Signature: NetWire
File size: 1'638'400 bytes
First seen: 2022-09-20 05:43:28 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:lkNjmlx1fDFztKfCWxWrFoT5VPBDwvTgnRcPLHWO4Tyw4N9ER5pzh9K/BUW:lkxmlXDFgsOlDa0R6HWOscSR3P8UW
TLSH: T128751A0621950BA5D07253FC20CCC1728BBA9E45E53FD945BFC99CEFF592F2846D22A2
TrID: 99.6% (.NULL) null bytes (2048000/1)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter: cocaman
Tags: img INVOICE NetWire


cocaman
Malicious email (T1566.001)
From: "Afrisam <lil.kem@positivepunt.com>" (likely spoofed)
Received: "from xjjkftoo.positivepunt.com (unknown [85.217.145.48]) "
Date: "Thu, 08 Sep 2022 09:57:55 +0100"
Subject: "tax invoice"
Attachment: "tax invoice.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 198
Origin country: n/a
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 67%
Tags: packed remcos
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-09-08 10:43:18 UTC
File Type: Binary (Archive)
Extracted files: 33
AV detection: 17 of 26 (65.38%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img b0e07a068890fe021969958f20db17946378f41bc603a628c6d8a54d0b0a34fb (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: NetWire
