MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4da76d69fd77d031b5bed3ebeb19b0e542299d66de145c52c03808114171ae5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 3

SHA256 hash: 4da76d69fd77d031b5bed3ebeb19b0e542299d66de145c52c03808114171ae5d
SHA3-384 hash: fc1a6024f1d03855dd7e711de13c2643e2a139f293f7b339b159db51e5e4900fa08dd593358c703a51f46a81a9b9e157
SHA1 hash: 1a834dcffd6eb2fd7c5219cddecaf613f911e388
MD5 hash: 6f089e3987ac39c27e1d4a71678748d9
humanhash: maryland-mountain-glucose-carpet
File name: Proof of Payment.cab
Signature: NetWire
File size: 859'825 bytes
First seen: 2020-06-08 06:08:22 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 24576:nm9vvaLdQpiGqaOu7VgTIrM1V+eeP8SvKRDndP:nm9vvIQptqa7VgT1V+eA8p9ndP
TLSH: A905337052837AD6F9D3747A016F8B159AD6E14AFDBCAE2E3D676C910483503F428AC3
Reporter: abuse_ch
Tags: cab, NetWire, RAT


abuse_ch
Malspam distributing NetWire:

HELO: server.jcweb.co.za
Sending IP: 164.160.89.119
From: Paymentemail@fnb.co.za <paymentemail@fnb.co.za>
Reply-To: no-reply@fnb.co.za
Subject: Payment Notification
Attachment: Proof of Payment.cab (contains "PAYMENT NOTIFICATION.exe")

NetWire RAT C2:
154.16.93.174:3389

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Frs
Status: Malicious
First seen: 2020-06-08 06:10:08 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: NetWire
cab 4da76d69fd77d031b5bed3ebeb19b0e542299d66de145c52c03808114171ae5d (this sample): Dropping NetWire
Delivery method: Distributed via e-mail attachment

Comments