MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fdb7f894f8a9971ee561d74f3ebecbc579f9233face1c4415f102f48f6db07c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	3fdb7f894f8a9971ee561d74f3ebecbc579f9233face1c4415f102f48f6db07c
SHA3-384 hash:	7f756f56e68cdf35d8b2c1902f3e26e06cc673ef52259412d2839026409ce9ec708761d59935e061f5f046c6c4c47ef6
SHA1 hash:	981d8fc6caf40a8deae5e260cdc0900ffcef4ab0
MD5 hash:	267d3bb5f99ff63a9ee3f3c0ca3e1c06
humanhash:	enemy-network-angel-eighteen
File name:	Our New Order Feb 22 2021 at 2.30_PVV440_PDF.img
Download:	download sample
Signature	NetWire Create hunting rule
File size:	1'245'184 bytes
First seen:	2021-02-22 18:52:43 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:v822C59+VPkKma5cJwhGAd93Y2nf3AVZWjNMdeytvn:F5wP135cJw5d36Qjfy
TLSH	4145AD256B48BB2CE57E9737C9A0545F93FAEC1382A2D52B3CE131AF4D63F844720916
Reporter	abuse_ch
Tags:	img NetWire RAT

abuse_ch

Malspam distributing NetWire:

HELO: servidor2.mediosenred.tv
Sending IP: 5.145.175.121
From: Dusan Matkovic <Dusan.azih@getinge.com>
Subject: RE: AW: Our New Order//Shipment No.00187
Attachment: Our New Order Feb 22 2021 at 2.30_PVV440_PDF.img (contains "Our New Order Feb 22 2021 at 2.30_PVV440_PDF.exe")

NetWire RAT C2:
mmakopl.duckdns.org:5569