MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51ffc7a0d345b5b01709f51fb8e6c3dd178fb89adccd7a3aad8cb0d6584f320d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire
Vendor detections: 3

SHA256 hash: 51ffc7a0d345b5b01709f51fb8e6c3dd178fb89adccd7a3aad8cb0d6584f320d
SHA3-384 hash: cc305390f739c8800e946291aacb094f98ac78bb1a1701fa175a1e7add9394d80d1be4e697effa954b6155c7979aa3ca
SHA1 hash: 7e2aa0bde6d621aa7242e81a98ab4a32c48fa90b
MD5 hash: a425430c98ab5080f1f5e5eb24adc809
humanhash: harry-purple-venus-kansas
File name: Eurobelt RFQ 203345_20200626100122637_PDF.r00
Signature: NetWire
File size: 440'751 bytes
First seen: 2020-06-26 11:42:59 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:3qyiJgwUCVVc8bUaRNjaddCpZiiyG+GJ0n0x/wkXq:LwUCVVTbUabioZBfUm4P
TLSH: E794236044AF8D57C97DB498F0B01FF72652296AD5A45C10988BFD22DFBEF9302ACC60
Reporter: abuse_ch
Tags: NetWire r00 RAT

abuse_ch
Malspam distributing NetWire:

HELO: mail0.newstarkitz.xyz
Sending IP: 194.187.249.118
From: Eurobelt <admin@newstarkitz.xyz>
Subject: Anmodning om tilbud
Attachment: Eurobelt RFQ 203345_20200626100122637_PDF.r00 (contains "Eurobelt RFQ 203345_20200626100122637_PDF.exe")

NetWire RAT C2:
sydor.tjsosda.com:5536

Intelligence

File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.NetWiredRc
Status: Malicious
First seen: 2020-06-26 11:44:08 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
NetWire
r00 51ffc7a0d345b5b01709f51fb8e6c3dd178fb89adccd7a3aad8cb0d6584f320d (this sample)
Dropping: NetWire
Delivery method: Distributed via e-mail attachment