MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d170b98582f6bc3c40e9ee714fff890ad806fdbc2472c6442cda9dac8a0e2d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: 6d170b98582f6bc3c40e9ee714fff890ad806fdbc2472c6442cda9dac8a0e2d8
SHA3-384 hash: deb58372da3b6c9533c967101b70435541607816b8fa701096e03719e1e140da2be5db1c304812b641fcd1f42b868ff8
SHA1 hash: 2ceaf2b58fa4bbf106dd73dbbfc098156c0b0ea8
MD5 hash: e120ccdfdd62506dd07fbb421825ff12
humanhash: early-december-glucose-pennsylvania
File name: Payment notification.r10
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2021-02-22 07:28:45 UTC
Last seen: Never
File type: r10
MIME type: application/x-iso9660-image
ssdeep: 12288:aIJElPCu4Uodhi+AY1NNBYvP/uPMfZ1PGjufL2nIjyewRzs8aAkas6cw6fe:aIiPCu/shxzYGPMfjPQKLWRzGEPRf
TLSH: D345121823D82316E5BE67F7697116042371BA2AA435E15E7EDC10DD63B27C0DAB2F23
Reporter: abuse_ch
Tags: NetWire r10 RAT


abuse_ch
Malspam distributing NetWire:

HELO: infinitymail.dedicated.co.za
Sending IP: 154.0.174.127
From: Capitec Bank <No-reply@capitecbank.co.za>
Reply-To: No-reply@capitec.co.za
Subject: Payment Notification
Attachment: Payment notification.r10 (contains "PAYMENT_.EXE")

Intelligence


File Origin
# of uploads: 1
# of downloads: 279
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-02-22 07:29:23 UTC
AV detection: 7 of 47 (14.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

r10 6d170b98582f6bc3c40e9ee714fff890ad806fdbc2472c6442cda9dac8a0e2d8 (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment

Comments