MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27eb7c7ba3f49a33711abc411d1f8332182431b9a10d53df3e6c89881718846a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 27eb7c7ba3f49a33711abc411d1f8332182431b9a10d53df3e6c89881718846a
SHA3-384 hash: d0d64c287b9488039d2f823bcb5737a5771b494abd6357483abef1590d541f8b4983ced3d843f26f1c7d347e4b104d11
SHA1 hash: df2a12388c7b44af15185d386855a74ffbba48f6
MD5 hash: 09070b98ec7a0133db17254327b89e37
humanhash: double-charlie-mountain-potato
File name: Proof of Payment.img
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2020-10-14 16:29:16 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:AfSNqmkgyTcCG1PJ5Qs8ir3+j1chSCiId7g5UgxLQJVpbgBgtl2wDua+TpqJbhxc:qN2dT8ijHSudk5m+gT
TLSH: 9E45CF9C325071DFC957C9378AA42C54EA2074AB931BD203A05B26ACDB0EADBDF155F3
Reporter: abuse_ch
Tags: img, NetWire, RAT


abuse_ch
Malspam distributing NetWire:

HELO: taymacmedia.dedicated.co.za
Sending IP: 154.0.171.91
From: info@kaiamanzi.co.za
Subject: Proof of Payment
Attachment: Proof of Payment.img (contains "u01nzNqVia9BYzf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 155
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Stelega
Status: Malicious
First seen: 2020-10-14 14:24:56 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img 27eb7c7ba3f49a33711abc411d1f8332182431b9a10d53df3e6c89881718846a (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
