MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 709096102a8bcb439289f95a1786c94df7f715aa4f5114cd22357b8ff1222559. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 709096102a8bcb439289f95a1786c94df7f715aa4f5114cd22357b8ff1222559
SHA3-384 hash: 38a836dce782cd617cd8117236e0b3a8783e8441e568fdb52b5fd756d3e271bc277449463de4a520295d8a012b435e3e
SHA1 hash: 4e3ae4902c683ce1cd18f849d5c772d9590763a4
MD5 hash: fe7478b1e64321e069911d200c286cc3
humanhash: freddie-pasta-leopard-four
File name: NERT_08.10.2020.rar
Signature: NetWire
File size: 502'286 bytes
First seen: 2020-10-09 11:32:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:8V1FllHu0593hHH3n6qjVJpO1P395PoLTJQce:YFLb5XH3n6qDpOdP+C7
TLSH: 43B42392781159833CCAE17DF54691AD320BBB5AFFAC5D2CD73022D28F8A255C395B38
Reporter: abuse_ch
Tags: NetWire rar


abuse_ch
Malspam distributing unidentified malware:

HELO: jupiter.ileysinc.com
Sending IP: 209.133.220.9
From: NEFTRTGS.QUERY <nefthelpdeskncc@rbi.org>
Subject: RTGS FAILED ON 08.10.2020
Attachment: NERT_08.10.2020.rar (contains "NERT_08.10.2020.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 188
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-09 10:34:19 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar 709096102a8bcb439289f95a1786c94df7f715aa4f5114cd22357b8ff1222559 (this sample)

  
Delivery method: Distributed via e-mail attachment
