MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58b61bee34227ad25a7754245493a9790ed147520ed14d3d91d686aba8be699b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 58b61bee34227ad25a7754245493a9790ed147520ed14d3d91d686aba8be699b
SHA3-384 hash: 0590887b5b06092d5d49a51e13d735e3ac008c33c4e4a101073a01bed0ccb5bbf1126d0cb702a49a79517c91ff25bf55
SHA1 hash: 556d811a3ca4d6a10262a90dd5250d728e987c9b
MD5 hash: 5982aed8f0bc7fd0b92acee1adc2ba9c
humanhash: orange-florida-ink-missouri
File name: Fatura.rar
Signature: NetWire
File size: 522'604 bytes
First seen: 2021-02-24 15:05:37 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:afN7g8NShj7YWL3fXeYJ70ejiZEJg1bInVjK6EiRwoZ9Nqi7U:afNs8NSh/Y+mC0ejnJg1sQTqTqB
TLSH: F4B4233D5904CAC9B4E13FB1113EA0FC405E25A813E768446E55ED06DBB7FAFE4CA285
Reporter: abuse_ch
Tags: NetWire rar RAT


abuse_ch
Malspam distributing NetWire:

HELO: mail0.pawcompany.store
Sending IP: 143.110.221.121
From: MTEC Co Ltd <info@pawcompany.store>
Subject: Re: Fatura
Attachment: Fatura.rar (contains "Fatura.exe")

NetWire RAT C2:
necerfail.ddns.net

Intelligence


File Origin
# of uploads: 1
# of downloads: 225
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2021-02-24 15:06:31 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar 58b61bee34227ad25a7754245493a9790ed147520ed14d3d91d686aba8be699b

(this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
