MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad7cf78b36e674317466a8dfe35dd0a21df0ec7a3f4d3b435bac45ae0b4557a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: ad7cf78b36e674317466a8dfe35dd0a21df0ec7a3f4d3b435bac45ae0b4557a8
SHA3-384 hash: 8d2b67623f336cd40f5b176d888edebb0e7d90d33589f18e4a3cde826ec96a399b2f26e380865bb2e4783a8e7ced7f79
SHA1 hash: acaf88e2040bdfd1ef880edaa0bf380355786b30
MD5 hash: 5d6e0c0d86f73a5b78057df5ac0f360e
humanhash: east-oven-kilo-pasta
File name: 13457-13458-13459 lev.uue
Signature: NetWire
File size: 447'938 bytes
First seen: 2020-10-27 09:59:17 UTC
Last seen: Never
File type: uue
MIME type: application/x-rar
ssdeep: 12288:JnjUdBdKJ6rIpn9Onw0kYcSNqRaaQ7LhCcLGxC65fa0N:JnAdBQJ6Mpn9OlNfHZyg65Sk
TLSH: 3194237EB0E363184BF58A30E5B329F4185AFA6DB551FBE79AD9870180F95000E7522F
Reporter: abuse_ch
Tags: NetWire RAT t-online uue


abuse_ch
Malspam distributing NetWire:

HELO: mailout05.t-online.de
Sending IP: 194.25.134.82
From: R F Gesteiro S L <fa.zajitschek@t-online.de>
Reply-To: R F Gesteiro S L <fa.zajitschek@t-online.de>
Subject: Valoración y Presupuesto(13457)
Attachment: 13457-13458-13459 lev.uue (contains "13457-13458-13459 lev.exe")

NetWire RAT C2:
43.226.229.43:2030

Intelligence


File Origin

# of uploads: 1
# of downloads: 127
Origin country: n/a

Vendor Threat Intelligence

Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-27 07:29:26 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

uue ad7cf78b36e674317466a8dfe35dd0a21df0ec7a3f4d3b435bac45ae0b4557a8 (this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
