MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3533ac8efe42e657e4ce2443f7f358d9f732900ca797cfe83f11cf64e001304. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: c3533ac8efe42e657e4ce2443f7f358d9f732900ca797cfe83f11cf64e001304
SHA3-384 hash: d20ba271213845a9cfb8674b7669a94b32b493cb82f1258872578a572295657369b89b7f8dcb3a7d3f93e95f1e2d734e
SHA1 hash: fb727b70a439bd2281e251f46c69219f2300698c
MD5 hash: 7230f8803429d22474e6feb973be4a39
humanhash: carpet-juliet-white-september
File name: AWB 4198742133.ISO
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2020-06-08 05:56:10 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:QFzwEWDrccstNH8NSsPP6zD+SkJ7O9FU6k:QFfNHGCzDJoqLk
TLSH: 4045F140BED9C717E5690BF3A5A2206113B1660B3673DA2D3D9E32E6C7357032983A5F
Reporter: abuse_ch
Tags: DHL iso NetWire nVpn RAT


abuse_ch
Malspam distributing NetWire:

HELO: inmobigrama.com
Sending IP: 51.254.198.201
From: DHL Express<ksa.vat@dhl.com>
Subject: Shipment details AWB# 4198742133
Attachment: AWB 4198742133.ISO (contains "AWB# 4198742133.exe")

NetWire RAT C2:
izz.duckdns.org:1432 (185.16.204.2)

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-08 05:58:05 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

iso c3533ac8efe42e657e4ce2443f7f358d9f732900ca797cfe83f11cf64e001304 (this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
