ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 185.140.53.61:3365.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-02-04 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	838721
IOC:	185.140.53.61:3365
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	NetWire RC
Malware alias:	NetWeird, NetWire, Recam
Confidence Level :	Confidence level is high (100%)
Is compromised? :	False
ASN:	AS152586 KUROIT-AS-AP
Country:	GB
First seen:	2022-07-19 18:54:51 UTC
Last seen:	never
UUID:	44ee2064-0794-11ed-91a7-42010aa4000a
Reporter	AndreGironda
Reward	5 credits from ThreatFox
Tags:	NetWire
Reference:	https://tria.ge/220719-xej2lshccj

AndreGironda

MITRE T1566.001
Date: Wed, 20 Jul 2022 01:00-01:30 +0700 (ICT)
Received: from newtargets.website (103.153.74.185)
From: Jason Bourne <admin@newtargets.website>
Message-ID: <1817656033.26589.1658253945565.JavaMail.zimbra@newtargets.website>
Subject: Re:INV04635988
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_26585_1116258187.1658253945552"
X-Originating-IP: [103.153.74.185]
X-Mailer: Zimbra 8.6.0_GA_1153 (ZimbraWebClient - FF102 (Win)/8.6.0_GA_1153)
To: Undisclosed recipients:;
Return-Path: admin@newtargets.website
Attachment Name: Confirmation invoice.rar
Rarfile SHA256: 802e470978be4fd11d992d60270944b5221dabf00ab388a6682de38ad8541ace
Uncompressed Executable Name: Confirmation invoice.exe
Executable SHA256: ceddfa857ec809f2cfc3fd8168ec767f522bcb059c4448bbf662c83db8c0501c
Netwire Unpacked Executable SHA256: 58c7c0cf6f19d08b4a6c72bff9e4cc289f08716bcb6b155f3d9f6b778c0bd560

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-08-15 10:40:22	6ace19befa598ac3913865abf5fea0eac3d66b77425a9700274094d58b50630f