MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13afc1f9891355d495a626a2a7cb4e21d7dc3c29339d9ca162730ae7f097781d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13afc1f9891355d495a626a2a7cb4e21d7dc3c29339d9ca162730ae7f097781d
SHA3-384 hash: 60ad11dfbe893bd809ea0967ac3da0656deb3f252c8798af2fc05b537824de19350449bd4819d0409cf0a8ccd295b5af
SHA1 hash: 9196df6d6cbb20f6a9e7472aa7a3e602a63084dc
MD5 hash: b97a86a838310932be2be42f92aa8474
humanhash: november-purple-mississippi-zebra
File name:DHL Receipt_pdf.gz
Download: download sample
Signature NetWire
Create hunting rule
File size:394'258 bytes
First seen:2020-08-31 06:24:58 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:xcVoCbybZq4dN5eG7tdW+kcXsk3LMvVcgaWWzMEN2qOZVn0dI3YZCUmh9q3TIo:1COdqe9hdgC9uVHWzMEjWVnHM3Mo
TLSH E0842318039ADE59471866010EEF646D512A308E9BED69F23B3CF507D3BB0D9B367907
Reporter abuse_ch
Tags:DHL gz NetWire RAT


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: dhl.com
Sending IP: 193.169.253.132
From: DHL Customer Support <support@dhl.com>
Subject: DHL Shipment Notification : 2766998846
Attachment: DHL Receipt_pdf.gz (contains "DHL Receipt_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.Trojan-7.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/13afc1f9891355d495a626a2a7cb4e21d7dc3c29339d9ca162730ae7f097781d/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cox4d6mjcnk5jfnge2rkps2oehl5ypbjgoozzilcomfop4expaoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/13afc1f9891355d495a626a2a7cb4e21d7dc3c29339d9ca162730ae7f097781d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

gz 13afc1f9891355d495a626a2a7cb4e21d7dc3c29339d9ca162730ae7f097781d

(this sample)

NetWire

Executable exe 73b0fb36b1b8763ebb06328273016c4c4c65b20d2abc3b5bb0566a6f13aa086d

  
Dropping
MD5 fd175da54494e88a5777471577927264
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 73b0fb36b1b8763ebb06328273016c4c4c65b20d2abc3b5bb0566a6f13aa086d

Comments