MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b2813c9c4df7f824e11a5a48b3544370d4870b43038ca4985bb77534113f2bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 5



SHA256 hash: 0b2813c9c4df7f824e11a5a48b3544370d4870b43038ca4985bb77534113f2bd
SHA3-384 hash: bb4e06b91dacc36d2480144c4557ca0228fc098e91b9e78d1ae30b31ecbe24339ff3634898dfa79b7e9800bb88b7aa0c
SHA1 hash: 57e7013505c8a44e34e4096a5e07caf56ba136d5
MD5 hash: 0a8a1ab3c1ae2a5aeddbcf6868ee53c4
humanhash: carbon-moon-artist-april
File name: Payment confirmation.r10
Signature: NetWire
File size: 387'904 bytes
First seen: 2021-03-03 07:27:32 UTC
Last seen: Never
File type: r10
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:HVZn+uaZuYAf/feVUvFmD6uV/bhBb1t77n600YP7rEfFujuYdJOLBB6LDfULbqC3:eu8LAfpF2/bhN3Z0YzrpybB6E3
TLSH: C7842333511C664EF284BEFF0B524BF9927DE0F33E824195AC8A6A00BCDE55654D5CE8
Reporter: abuse_ch
Tags: NetWire r10 RAT


abuse_ch
Malspam distributing NetWire:

HELO: mail.sayyess.website
Sending IP: 103.82.25.153
From: Standard Bank <ibsupport@standardbank.co.za>
Reply-To: Noreply@StandardBank.co.za
Subject: Payment confirmation
Attachment: Payment confirmation.r10 (contains "Payment confirmation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 311
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-03 07:28:09 UTC
AV detection: 19 of 46 (41.30%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

r10 0b2813c9c4df7f824e11a5a48b3544370d4870b43038ca4985bb77534113f2bd (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
