MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 032dd8fd535629a9865652bf4e1b9915d22d19c29b27696ea88ead20b5eeacb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 032dd8fd535629a9865652bf4e1b9915d22d19c29b27696ea88ead20b5eeacb9
SHA3-384 hash: bfff34e18dd608cbad5475c0d44c9a6b4963aa67d26a5bf2edc27b00b199403b6aee6778d675ec230fdf2f1da449d7f0
SHA1 hash: a3221201eff88160c1ffaa646cb4599be47346ec
MD5 hash: c1b20c97598a59da6b9885922a5597db
humanhash: missouri-two-november-uncle
File name:Proof of Payment.tar
Download: download sample
Signature NetWire
Create hunting rule
File size:606'471 bytes
First seen:2020-10-08 05:40:20 UTC
Last seen:Never
File type:
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:Lw4prQchu2IzwhJB0NG0EKHe0M0mZQHmO/QeUhOIEBhXWAheeBM3M9B7OvV:LwI3YwXuNG0he0KQZzgEqxH+BOt
TLSH 78D4232DEB8F58B1E21EB132D2586D013B94FCE46F6864383694CB583BC658BE352275
Reporter abuse_ch
Tags:NetWire RAT tar


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: mail.webhouse.dk
Sending IP: 87.118.110.6
From: anna@aa-namibia.com
Reply-To: anna@aa-namiba.com
Subject: Proof of Payment
Attachment: Proof of Payment.tar (contains "Proof of Payment.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
203
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/032dd8fd535629a9865652bf4e1b9915d22d19c29b27696ea88ead20b5eeacb9/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 04:06:57 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=amw5r7ktkyu2tbswkk7u4g4zcxjc2goctmtws3vir2wsbnpovs4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/032dd8fd535629a9865652bf4e1b9915d22d19c29b27696ea88ead20b5eeacb9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

032dd8fd535629a9865652bf4e1b9915d22d19c29b27696ea88ead20b5eeacb9

(this sample)

NetWire

Executable exe 98eeb35497473e4739441aabdd0e47d31ad8d3e1f43a121df4b9c72012426e84

  
Dropping
MD5 b4a0c44ca39c875f06997f3a550868a1
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 98eeb35497473e4739441aabdd0e47d31ad8d3e1f43a121df4b9c72012426e84

Comments