MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063
SHA3-384 hash: 597a5c6f2e82bdb253c23ca969308144dd99c2d67c230b856f080e339a8fa3d36a05fee526dd36083653feb119204251
SHA1 hash: 695255ca153effae31e7c7b77e7f39bcd563003c
MD5 hash: 297282d787079090bf2d5c8377a09735
humanhash: high-georgia-delaware-vegan
File name:Solictud_de_cotizacion 3699663-2020.uue
Download: download sample
Signature NetWire
Create hunting rule
File size:548'755 bytes
First seen:2020-07-31 12:17:25 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 12288:izPod0i1SIIpUHMMfwLzx2pN+2qEj5Q8F8O9Sk73bcWa5Rw:iL20jUscut2pEeVZiO4Ic7Rw
TLSH EFC4334DEBEB99E55B80CFFD9A40ECAACD3665710870A0D0E4A78E87395D1C04748EE4
Reporter abuse_ch
Tags:NetWire RAT t-online uue


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: mailout10.t-online.de
Sending IP: 194.25.134.21
From: Jimena Espinoza | NACOLPERU <Zahnarztpraxis-Kugler@t-online.de>
Reply-To: jsntfxqvip.163@gmail.com <jsntfxqvip.163@gmail.com>
Subject: Nuevo orden (NACOL S.A.) Julio / Agosto
Attachment: Solictud_de_cotizacion 3699663-2020.uue (contains "Solictud_de_cotizacion (3699663-2020).exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
303
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063/
Threat name:
Win32.Trojan.DataStealer
Create hunting rule
Status:
Malicious
First seen:
2020-07-31 12:19:05 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i4v5e3qn5q3fu5n3aacgwebfy5ol3xd4vvho67cqee6ghaxv2brq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

uue 472bd26e0dec365a75bb00046b1025c75cbddc7cad4eef7c50213c6382f5d063

(this sample)

NetWire

Executable exe e232e9c0d66770fe8e50466f3dd073160a8ddaf565ed0382ce997226c1b364dd

  
Dropping
MD5 748e4a49b7e306d7eb45aaa7b10faf5d
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e232e9c0d66770fe8e50466f3dd073160a8ddaf565ed0382ce997226c1b364dd

Comments