MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063
SHA3-384 hash: 597a5c6f2e82bdb253c23ca969308144dd99c2d67c230b856f080e339a8fa3d36a05fee526dd36083653feb119204251
SHA1 hash: 695255ca153effae31e7c7b77e7f39bcd563003c
MD5 hash: 297282d787079090bf2d5c8377a09735
humanhash: high-georgia-delaware-vegan
File name: Solictud_de_cotizacion 3699663-2020.uue
Signature: NetWire
File size: 548'755 bytes
First seen: 2020-07-31 12:17:25 UTC
Last seen: Never
File type: uue
MIME type: application/x-rar
ssdeep: 12288:izPod0i1SIIpUHMMfwLzx2pN+2qEj5Q8F8O9Sk73bcWa5Rw:iL20jUscut2pEeVZiO4Ic7Rw
TLSH: EFC4334DEBEB99E55B80CFFD9A40ECAACD3665710870A0D0E4A78E87395D1C04748EE4
Reporter: @abuse_ch
Tags: NetWire RAT t-online uue


Twitter
@abuse_ch
Malspam distributing NetWire:

HELO: mailout10.t-online.de
Sending IP: 194.25.134.21
From: Jimena Espinoza | NACOLPERU <Zahnarztpraxis-Kugler@t-online.de>
Reply-To: jsntfxqvip.163@gmail.com <jsntfxqvip.163@gmail.com>
Subject: Nuevo orden (NACOL S.A.) Julio / Agosto
Attachment: Solictud_de_cotizacion 3699663-2020.uue (contains "Solictud_de_cotizacion (3699663-2020).exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 36
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Medium

Vendor Threat Intelligence
Threat name: Win32.Trojan.DataStealer
Status: Malicious
First seen: 2020-07-31 12:19:05 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

Threat name: Legit
Score: 0.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

uue 472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063 (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment

Comments