MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73f88658c151be2c83d1b7ee8220dad0f52a23fdc94aae8ef86fcd67e9448d09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	73f88658c151be2c83d1b7ee8220dad0f52a23fdc94aae8ef86fcd67e9448d09
SHA3-384 hash:	cd123b63f2de7d6a52b392d8e448029c30d54962314f8a6474869474ec4670aa89c80a644a3c686f08d016dcfa288207
SHA1 hash:	f0aff256ef2b4d220c456607395c969b2a1035a1
MD5 hash:	d0402682510bd3b6e3f04635e8d2473b
humanhash:	grey-oklahoma-ohio-berlin
File name:	FeDEx TRACKING DETAILS.PDF.z
Download:	download sample
Signature	NetWire Create hunting rule
File size:	242'448 bytes
First seen:	2021-01-13 20:18:46 UTC
Last seen:	Never
File type:	z
MIME type:	application/x-rar
ssdeep	6144:6qFagy7x0voqxHxvbF92aCvs01x2S5QiU4GVcMH8wQL33S8ZsKw+:9FS7xIHxRRSx2So4GxCL33Su/h
TLSH	F33422747CC1F839BB8B8BB7FC6873FDAA95ACF2718820990548203A5BD75403679647
Reporter	abuse_ch
Tags:	FedEx NetWire RAT z

abuse_ch

Malspam distributing NetWire:

HELO: server.growtying.tk
Sending IP: 188.225.75.181
From: FedEX OFFICE <fedex@growtying.tk>
Subject: FedEx ONLINE SHIPPING PARCEL ARRIVAL NOTIFICATION DATED 13TH JAN 2021
Attachment: FeDEx TRACKING DETAILS.PDF.z (contains "FeDEx TRACKING DETAILS.exe")