MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c797945540ee1629a4a6f02a4c18ea794f56ec29b6a39508097998a0e5cecde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c797945540ee1629a4a6f02a4c18ea794f56ec29b6a39508097998a0e5cecde
SHA3-384 hash: 79293bd77ec29825233bc13e2bdd43cb42c14048c2c7255058eff1281e99ec1c0eb9e314e0049a0057aa28b7cdb1b457
SHA1 hash: e5dd02cf7bfd8792f039d0ed47d0177bbe46ae40
MD5 hash: d22d57d7338394db96c4d4c15a436775
humanhash: nuts-washington-golf-indigo
File name:Factura.uue
Download: download sample
Signature NetWire
Create hunting rule
File size:560'866 bytes
First seen:2020-08-03 11:36:16 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 12288:kQv3OCY6mHLLNbA6WbYKoQJd0c8QbV/NeL/J6lyOLhf8WeVN3Khlw:jvXYJQwEd0cBZNW/ooWeElw
TLSH 9AC423A37EF52D4D362CB8B129F73C38BB489D05833127F95EA50580805F4D9E6CE9A5
Reporter abuse_ch
Tags:BBVA ESP geo NetWire RAT t-online uue


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: mailout07.t-online.de
Sending IP: 194.25.134.83
From: Confirming.bbva@bbva.com <Zahnarztpraxis-Kugler@t-online.de>
Reply-To: Confirming.bbva@bbva.com <Zahnarztpraxis-Kugler@t-online.de>
Subject: BBVA-Confirming Factura
Attachment: Factura.uue (contains "Factura.exe")

NetWire RAT C2:
43.226.229.43:2030

Intelligence

File Origin
# of uploads :
1
# of downloads :
299
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c797945540ee1629a4a6f02a4c18ea794f56ec29b6a39508097998a0e5cecde/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 06:00:56 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hr4xsrkub3qwfgskn4bkjqmou6kpk3wctnvdsueas6myuds45tpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3c797945540ee1629a4a6f02a4c18ea794f56ec29b6a39508097998a0e5cecde

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

uue 3c797945540ee1629a4a6f02a4c18ea794f56ec29b6a39508097998a0e5cecde

(this sample)

NetWire

Executable exe ffd24bd48e21a03c0b7fc884a12bd22e88e8d56735d810fccb64e6e6ca27768d

  
Dropping
MD5 2f8c343e41d3829aa8e24eebff7de4ab
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ffd24bd48e21a03c0b7fc884a12bd22e88e8d56735d810fccb64e6e6ca27768d

Comments