ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 154.53.40.254:4433.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 701444 |
|---|---|
| IOC: | 154.53.40.254:4433 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | NetWire RC |
| Malware alias: | NetWeird, NetWire, Recam |
| Confidence Level : | Confidence level is high (100%) |
| ASN: | AS40021 CONTABO-40021 |
| Country: |  DE |
| First seen: | 2022-06-14 18:54:25 UTC |
| Last seen: | 2022-08-11 13:28:34 UTC |
| UUID: | 69118472-ec13-11ec-a975-42010aa4000a |
| Reporter |  AndreGironda |
| Reward | 5 credits from ThreatFox |
| Tags: | NetWire |
| Reference: | https://tria.ge/220614-xdt57acgh9 |
AndreGironda
MITRE T1566.001Date: 14 Jun 2022 09:30-10:00 -0700
Received: from 5266108.doorrackpainter.com (162.240.1.83)
Received: from [144.126.208.207] (port=59959 helo=doorrackpainter.com) by 5266108.doorrackpainter.com with esmtpa (Exim 4.95) (envelope-from <best@doorrackpainter.com>) id 1o19di-0005dD-2Z
Reply-To: podznanorat@gmail.com
From: "accountspayableremit" <best@doorrackpainter.com>
Subject: Payment Notification
Message-ID: <20220614094341.5DA6DBF61DF1ED5C@doorrackpainter.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_BDAF7ED4.B47FCD6D"
Return-Path: best@doorrackpainter.com
Atttachment Name: Payment Notifcation.7z
Rarfile SHA256: b1567a1ae0b925c6faa052eebb72cb0210118b302c36e6d54e911bdc8e015861
Uncompressed Executable Name: Payment Notification.exe
Executable SHA256: a152ac9e30bb5899007c127a0855393e8c2257b44ee981a059427d61f2dd49d7
Netwire Unpacked Executable SHA256: b9680182476cd741b221e0928a628b23ff5f34ff06e82acadd31284fb4088928
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2022-06-23 09:14:37 | f53a21f7dbd23dbb06174d92ba8c94f9a4296ae1271372c3e5369121aa7a6e62 |