MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4969b354c1b6a09b63f18085196e8b0eabe4968f0a971c3bdba433b94703194c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 4969b354c1b6a09b63f18085196e8b0eabe4968f0a971c3bdba433b94703194c
SHA3-384 hash: ac2d6c73cb2e893008cb69b35a242badbeedec69ae5ccf73a7faa614a9a7fc9dc7b2bd121561696b484e6fcf6edd7367
SHA1 hash: 6a244b1c89996d5d59ce090bfed8fb237a31777a
MD5 hash: 84997db6f88adc1ab5b66d15d868d19a
humanhash: minnesota-ink-vermont-two
File name: Payment notification-pdf.uue
Signature: NetWire
File size: 958'442 bytes
First seen: 2020-06-30 08:43:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:2/BCIUHnohCHWyku0+19aOFlQHxFyRMQuDIvRV4:MB2rc7TRUpUIX4
TLSH: 2F15332379FC85E0721D9404A74F4EA5B345EF00A514F8BBFBE08379AB8956450EE2F2
Reporter: abuse_ch
Tags: NetWire RAT uue


abuse_ch
Malspam distributing NetWire:

HELO: magna.webdema.com
Sending IP: 173.212.193.63
From: Notification@nedbank.co.za
Reply-To: No-repIy@nedbank.co.za
Subject: Payment Notification
Attachment: Payment notification-pdf.uue (contains "Payment notification-pdf.exe")

NetWire RAT C2:
154.16.93.182:3373

Intelligence


File Origin
# of uploads: 1
# of downloads: 109
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zmutzy
Status: Malicious
First seen: 2020-06-30 08:45:04 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

zip 4969b354c1b6a09b63f18085196e8b0eabe4968f0a971c3bdba433b94703194c (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment