MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4969b354c1b6a09b63f18085196e8b0eabe4968f0a971c3bdba433b94703194c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 4969b354c1b6a09b63f18085196e8b0eabe4968f0a971c3bdba433b94703194c
SHA3-384 hash: ac2d6c73cb2e893008cb69b35a242badbeedec69ae5ccf73a7faa614a9a7fc9dc7b2bd121561696b484e6fcf6edd7367
SHA1 hash: 6a244b1c89996d5d59ce090bfed8fb237a31777a
MD5 hash: 84997db6f88adc1ab5b66d15d868d19a
humanhash: minnesota-ink-vermont-two
File name: Payment notification-pdf.uue
Signature: NetWire
File size: 958'442 bytes
First seen: 2020-06-30 08:43:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:2/BCIUHnohCHWyku0+19aOFlQHxFyRMQuDIvRV4:MB2rc7TRUpUIX4
TLSH: 2F15332379FC85E0721D9404A74F4EA5B345EF00A514F8BBFBE08379AB8956450EE2F2
Reporter: @abuse_ch
Tags: NetWire RAT uue


Twitter
@abuse_ch
Malspam distributing NetWire:

HELO: magna.webdema.com
Sending IP: 173.212.193.63
From: Notification@nedbank.co.za
Reply-To: No-repIy@nedbank.co.za
Subject: Payment Notification
Attachment: Payment notification-pdf.uue (contains "Payment notification-pdf.exe")

NetWire RAT C2:
154.16.93.182:3373

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 31
Origin country: FR

ClamAV:
SecuriteInfo.com.Troj.NanoCo_TZ.22029.UNOFFICIAL
Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Sanesecurity.Malware.20860.ZipHeur.UNOFFICIAL

CERT.PL MWDB:
Detection: n/a
Link: https://mwdb.cert.pl/sample/4969b354c1b6a09b63f18085196e8b0eabe4968f0a971c3bdba433b94703194c/

ReversingLabs:
Status: Malicious
Threat name: Win32.Trojan.Zmutzy
First seen: 2020-06-30 08:45:04 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5

Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

zip 4969b354c1b6a09b63f18085196e8b0eabe4968f0a971c3bdba433b94703194c (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
