MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2080b83db7b23ece856c4bbe248223afb5d174d18b274582a2abb1569ff0ca83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 2080b83db7b23ece856c4bbe248223afb5d174d18b274582a2abb1569ff0ca83
SHA3-384 hash: addcb1284b85f9c4c96a0d1b681fea3d0abc761e44a5a80c6a2522e885e88a105b7d8f58c8c1765e2e2c50134d0b2f0b
SHA1 hash: bba6e437e4f2fb840821b228c082bb9dac8d368b
MD5 hash: 0253c0129bd7ee1d195ed156c216d99c
humanhash: spaghetti-early-oxygen-six
File name: SMS Invoice.rar
Signature: NetWire
File size: 230'965 bytes
First seen: 2020-05-06 10:05:27 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:+Byd2uTXbjkjYBpphE1FIT/O1rpNFJNvfF69eO:gyAmX8jWphEHIT/O1pJNGeO
TLSH: 633423919F88A883ADDC4368175922EC44DE90A5D7ACD4186C7FB1C4BD8F853E637F28
Reporter: abuse_ch
Tags: NetWire, rar, RAT


abuse_ch
Malspam distributing NetWire:

HELO: srv.perar.it
Sending IP: 77.242.136.150
From: RITESH SINGH <riteshsingh.63@rediffmail.com>
Subject: Invoice & Sms counts
Attachment: SMS Invoice.rar (contains "SMS Invoice for the month of April 2020.exe")

NetWire RAT C2:
info1.dynamic-dns.net:3360 (91.140.246.207)

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Rrat
Status: Malicious
First seen: 2020-05-06 10:36:37 UTC
AV detection: 19 of 31 (61.29%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar 2080b83db7b23ece856c4bbe248223afb5d174d18b274582a2abb1569ff0ca83

(this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
