MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7725164ebcdb419ce617cf674c4b2935a28be57c6882f4f54366114d3d1fd709. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7725164ebcdb419ce617cf674c4b2935a28be57c6882f4f54366114d3d1fd709
SHA3-384 hash: abcba406bc84c53ff06db4d8db42d707e88852dee3b2737875f03abb77f90e148a09a1eb5dc40c0b2b905731021c737e
SHA1 hash: f9b8a7c927e03a779b8de345c74fd042c8f0801f
MD5 hash: 081f90a1d6b73603da3bccde2ddd2d62
humanhash: pizza-fanta-hawaii-maryland
File name:Booking Confirmation 02222021951 - copy -PDF.uu
Download: download sample
Signature NetWire
Create hunting rule
File size:170'728 bytes
First seen:2021-02-22 07:51:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:AEHPgDbPpJ6rKTcRNRjMAovsxLTvrZ3NucjhW4q/Q0YJD6h5Bz:LHoDTtT4NRQpvsxdd5jh7q40YJD6jBz
TLSH E3F312D70E1F12B107AB5D6A6BA3458F567910B886B87EA2B54423BDA2DE430010FEC7
Reporter abuse_ch
Tags:Maersk NetWire RAT uu


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: smtpgw.hepsibulutta.com
Sending IP: 46.4.185.122
From: ''Maersk Booking Service'' <maerskbooking_dept3@protonmail.com>
Reply-To: ''Maersk Booking Service'' <maerskbooking_dept3@protonmail.com>
Subject: Re: Booking Confirmation.
Attachment: Booking Confirmation 02222021951 - copy -PDF.uu (contains "Booking Confirmation 02222021951 - copy -PDF.exe")

NetWire RAT C2:
winwin545456478456.awsmppl.com:1177

Intelligence

File Origin
# of uploads :
1
# of downloads :
304
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7725164ebcdb419ce617cf674c4b2935a28be57c6882f4f54366114d3d1fd709/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2021-02-22 07:51:07 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o4srmtv43nazzzqxz5tuyszjgwrixzl4ncbpj5kdmyiu2pi724eq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar 7725164ebcdb419ce617cf674c4b2935a28be57c6882f4f54366114d3d1fd709

(this sample)

NetWire

Executable exe 91f4cceeb3b8d11e2408bd72aead7513f7031226e5ebc969611379b1bd04256a

  
Dropping
MD5 c25d23171d41933e7345dcdfb1788dc4
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 91f4cceeb3b8d11e2408bd72aead7513f7031226e5ebc969611379b1bd04256a

Comments