MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c30e0dc8c0a1e5c59786c5c5fa22a1e7fbffd7a590313397eb2d35a78cb6f666. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c30e0dc8c0a1e5c59786c5c5fa22a1e7fbffd7a590313397eb2d35a78cb6f666
SHA3-384 hash: f0ea4df870dc88fd4037bae5b3fe042770f5f0c30edb1a9478c1b8c10c427128d87b91bdfe62fd57536ddc7a0361c2ed
SHA1 hash: 8a41ead580805a284528e3a1e081e3b46a9439f7
MD5 hash: f2ea4858864201512635672312ff0711
humanhash: floor-mobile-kitten-zebra
File name:inv9087673.PDF.img
Download: download sample
Signature NetWire
Create hunting rule
File size:1'376'256 bytes
First seen:2022-08-18 10:08:30 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:EfZZ5m+JN9Wd11R/5PV6nTSscLn3NAqw0wJyFVOMzmm/td2jHC4m0EtPG:83Y+7yPojCdAD0SQVXmmlTP0Et
TLSH T1E355CF107BE8A915E7BA8F3ACA70112019F2F9DB2A27D31F269532DD0E767580C5374B
TrID 99.6% (.NULL) null bytes (2048000/1)
0.2% (.ATN) Photoshop Action (5007/6/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter cocaman
Tags:img NetWire


Avatar
cocaman
Malicious email (T1566.001)
From: "Jason Bourne <admin@toyomail.top>" (likely spoofed)
Received: "from toyomail.monster (unknown [103.179.188.53]) "
Date: "Thu, 18 Aug 2022 11:11:07 +0700 (ICT)"
Subject: "inv9087673"
Attachment: "inv9087673.PDF.img"

Intelligence

File Origin
# of uploads :
1
# of downloads :
357
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1496.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
barys fareit packed
Link:
https://www.filescan.io/uploads/62fe0ffe6df203c16a8de5f3/reports/6f527123-867a-442b-87d5-136b98525d50/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c30e0dc8c0a1e5c59786c5c5fa22a1e7fbffd7a590313397eb2d35a78cb6f666/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2022-08-18 10:09:10 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ymha3sgauhs4lf4gyxc7uivb47577v5fsaythf7lfu22pdfw6zta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c30e0dc8c0a1e5c59786c5c5fa22a1e7fbffd7a590313397eb2d35a78cb6f666

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img c30e0dc8c0a1e5c59786c5c5fa22a1e7fbffd7a590313397eb2d35a78cb6f666

(this sample)

NetWire

Executable exe 84530ed1bbd58c38b85fc93e447d14251cda335b3de5fe9216cf3386758cb0ee

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 84530ed1bbd58c38b85fc93e447d14251cda335b3de5fe9216cf3386758cb0ee
  
Dropping
NetWire
  
Dropping
MD5 3b5e92e5880c828f9ad90929a3b6d5a1

Comments