MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5ff35a0e6b9ca3e80e66ff47b5c6374a92f7aa363c35a4b08babf5155a1ecbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5ff35a0e6b9ca3e80e66ff47b5c6374a92f7aa363c35a4b08babf5155a1ecbd
SHA3-384 hash: 4b260e8531b162bba3dd4dd8a9487e8397c9ce834f44b5678ad265230823f0b48724c4197ac6504c6704cdfb6ad0c8ad
SHA1 hash: 314746f4a936703583f537b606db8f691130875d
MD5 hash: af33dfad37c0e54b3699fe6638cdcf37
humanhash: berlin-sodium-video-wolfram
File name:أمر الشراء 90037-2020.uue
Download: download sample
Signature NetWire
Create hunting rule
File size:375'412 bytes
First seen:2020-06-30 13:11:08 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:I8sjo/yfduhvw8OsdeOxUT0gFVSDvCz4d0YY5FMQkGcMY0yuYLRPmVI42idL:l/yEh8UUfyTb6kQkGc6yugR94fdL
TLSH 5B84232E04B94EF174D584B3FE6B60C8EA05083B24B15F39FCEB775EE9545A508883B2
Reporter abuse_ch
Tags:NetWire RAT uue


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: mailout12.t-online.de
Sending IP: 194.25.134.22
From: UMAIR - SHAHTAJ TEXTILES (ARABIA) <fa.zajitschek@t-online.de>
Reply-To: UMAIR - SHAHTAJ TEXTILES (ARABIA) <fa.zajitschek@t-online.de>
Subject: Purchase Order 90037-2020 (SHAHTAJ TEXTILE)
Attachment: أمر الشراء 90037-2020.uue (contains "أمر الشراء 90037-2020.exe")

NetWire RAT C2:
43.226.229.43:2030

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d5ff35a0e6b9ca3e80e66ff47b5c6374a92f7aa363c35a4b08babf5155a1ecbd/
Threat name:
Win32.Trojan.DelfFareIt
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 13:13:03 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2x7tlihgxhfd5ahgn72hwxddosus66vdmpbvusyixk7vcvnb5s6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

uue d5ff35a0e6b9ca3e80e66ff47b5c6374a92f7aa363c35a4b08babf5155a1ecbd

(this sample)

NetWire

Executable exe a9a8374950d68997b782dca8ae2464aa81709c2f51bcc8fdb1abdcfb5b40c521

  
Dropping
MD5 598b0e23c0eb2baffc02fd05ce1b41e9
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a9a8374950d68997b782dca8ae2464aa81709c2f51bcc8fdb1abdcfb5b40c521

Comments