MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06599f6c48184ef1aa771d951682f985f4193e29b5b87e9dff23db388fb1c4b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: 06599f6c48184ef1aa771d951682f985f4193e29b5b87e9dff23db388fb1c4b6
SHA3-384 hash: 55f527e7805d0be6912a649d4390007d41fd23a8b9ce49265602462f3acd59f4058621f32886fd4da379b252b673b984
SHA1 hash: c4d7ee4f7fb4445362d9f6640f7c83247c722111
MD5 hash: 1e549aabc3ce0f57655164993d2e7e30
humanhash: fifteen-rugby-berlin-kitten
File name: Our New Order Feb 23 2021 at 2.70_PVV440_PDF.img
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2021-02-23 06:59:00 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:5Uu8tl6Akg2ifiv/1dpSEzOnfX0NOJ6y1AacZTXA1bXZCryrEI7lDlJAaN2+WN:5Uu8CAkg2Yivddp9+OG1bcrzI7lZV2h
TLSH: 8445AE20265C9B5EE03EBB795110121F43F5A612D327E68F7DE941DF6EA2F404B72A23
Reporter: abuse_ch
Tags: img, NetWire, RAT


abuse_ch
Malspam distributing NetWire:

HELO: servidor2.mediosenred.tv
Sending IP: 5.145.175.121
From: Dusan Matkovic <Dusan.azih@getinge.com>
Subject: RE: AW: Our New Order//Shipment No.00187
Attachment: Our New Order Feb 23 2021 at 2.70_PVV440_PDF.img (contains "Our New Order Feb 23 2021 at 2.70_PVV440_PDF.exe")

NetWire RAT C2:
mmakopl.duckdns.org:5569

Intelligence


File Origin
# of uploads: 1
# of downloads: 227
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Backdoor.NetWiredRc
Status: Malicious
First seen: 2021-02-23 06:59:19 UTC
AV detection: 10 of 47 (21.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam, NetWire

img 06599f6c48184ef1aa771d951682f985f4193e29b5b87e9dff23db388fb1c4b6 (this sample)
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
