MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 630050f2c1fc08020776916559178d55a90075c8afe5b429068d59be2071eeec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: 630050f2c1fc08020776916559178d55a90075c8afe5b429068d59be2071eeec
SHA3-384 hash: 9ecacd6824fdf1a7e44d6bd73d876309256d4ee1fc227609f462f3955fb258868c8f601134dd874286899c338a5339e8
SHA1 hash: 85a8a94fde8b9c6d360327b9be6af1466ce23c67
MD5 hash: 4c07c726cb2c89ba44456e115a65bb27
humanhash: winner-beer-seventeen-enemy
File name: PaymentConformation.img
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2020-11-19 07:21:51 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:IxUFiWWalWXN6uztAt3AqvHSxrAhO3Pubth+y+7QJ4KB:EUualEPzmt3JPW08yt
TLSH: 3F45BE9C791071DEC51BC5BA8AA4EC74A6607C77530B8243A5DB1DEBBA1CA87CF140E3
Reporter: abuse_ch
Tags: img NetWire RAT


abuse_ch
Malspam distributing NetWire:

HELO: mail.getemails.space
Sending IP: 45.147.162.68
From: Stardardbank <admin@getemails.uno>
Reply-To: noreply@standardbank.co.za
Subject: Payment confirmation
Attachment: PaymentConformation.img (contains "PaymentConformation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 306
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2020-11-19 07:22:07 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img 630050f2c1fc08020776916559178d55a90075c8afe5b429068d59be2071eeec (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment

Comments