MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 011f584f48494d54c55ca6da7d2aabf64a983a9f5b5a0f4d1f6c1c6a986eb78b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	011f584f48494d54c55ca6da7d2aabf64a983a9f5b5a0f4d1f6c1c6a986eb78b
SHA3-384 hash:	7b945236ef67c9899553263406648c70dccb58b7a6ff7669028ab9bcb4122fd3d2024a41edf481065680578e7faf1083
SHA1 hash:	1f6ddec122687f435532b864c633f13a843a9ac4
MD5 hash:	9d292b1575ee0e13ca1ab54735f1aa27
humanhash:	bakerloo-violet-don-south
File name:	FeDEx TRACKING DETAILS.PDF.z
Download:	download sample
Signature	NetWire Create hunting rule
File size:	247'667 bytes
First seen:	2021-01-14 06:13:08 UTC
Last seen:	Never
File type:	z
MIME type:	application/x-rar
ssdeep	6144:Wgs07NaginQxtMb8xZqzH10PF4W9J5E5MnFV5Cdzo:9s0AWZq0xbsMnFV02
TLSH	7E3423EB425476A40A9A14BB6709B3EF8E388D5464B753081CF7578AFF235D203A16CB
Reporter	abuse_ch
Tags:	FedEx NetWire RAT z

abuse_ch

Malspam distributing NetWire:

HELO: server.growtying.tk
Sending IP: 188.225.75.181
From: FedEX OFFICE <fedex@growtying.tk>
Subject: FedEx ONLINE SHIPPING PARCEL ARRIVAL NOTIFICATION DATED 13TH JAN 2021
Attachment: FeDEx TRACKING DETAILS.PDF.z (contains "FeDEx TRACKING DETAILS.exe")

NetWire RAT C2:
ceo2021.duckdns.org