MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d93c9bc252e72fe8c08fcb28e1f62a28ea4436220904661ad0deeb657e7f03b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: d93c9bc252e72fe8c08fcb28e1f62a28ea4436220904661ad0deeb657e7f03b1
SHA3-384 hash: a3a3385108f8143657dfe8ec210de6be3a25e4941dba575c848d574cacabc4012f1dbacb1ba8dba1fc0fd2e1de06af9d
SHA1 hash: f6194089df057e672d6d3859c4bc233187d54b93
MD5 hash: 89fede5a2e451965f24a0147590dac39
humanhash: solar-river-snake-diet
File name: PAYMENT NOTIFICATION.UUE
Signature: NetWire
File size: 850'401 bytes
First seen: 2020-06-15 13:33:53 UTC
Last seen: Never
File type: uue
MIME type: application/vnd.ms-cab-compressed
ssdeep: 24576:zH9vvaLdt8SGClw9pJil/Dx703oFYYcCxIJi:D9vvIyXerxooS4
TLSH: 50053354A298CBCFEF41DFBF40004B4F54108886BCE5DF668D7E269A86EFE805937994
Reporter: abuse_ch
Tags: NetWire RAT uue


abuse_ch
Malspam distributing NetWire:

HELO: smtp2.emailstor.co.za
Sending IP: 197.189.235.58
From: Paymentemail@fnb.co.za <paymentemail@fnb.co.za>
Reply-To: noreply@fnb.co.za
Subject: Payment Notification from AM SYSTEMS INTEGRATIONS_8GB5SKLG
Attachment: PAYMENT NOTIFICATION.UUE (contains "Payment Notification.exe")

NetWire RAT C2:
154.16.93.177:3365

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.NetWired
Status: Malicious
First seen: 2020-06-15 13:35:04 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

uue d93c9bc252e72fe8c08fcb28e1f62a28ea4436220904661ad0deeb657e7f03b1 (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
