MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 811227a58fc1bf2bc0bd43ce924c363e3efcae6c7a466f2617793d9d2d4ca942. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: 811227a58fc1bf2bc0bd43ce924c363e3efcae6c7a466f2617793d9d2d4ca942
SHA3-384 hash: aa9bd40b2b34ea1561a6c14197f5aec2aff17c0aa31ded1ea511b324f5e4edf6a7cfeb6139f54a2c7cc0b9b06e896089
SHA1 hash: b67eec7f584755084728733c99b9e9e22cae11cc
MD5 hash: 4666415fc65e06af2d44c98fe5784983
humanhash: snake-chicken-lake-fillet
File name: Proof of Payment.z
Signature: NetWire
File size: 977'977 bytes
First seen: 2020-08-28 06:32:04 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:l3id4fDyoymuslDb9Z5sksfppLuwzCrv9FQ9Sadki81Y:lpDyotueDn5sbffLuwz0969SaP
TLSH: D625335E6BF65E8530300FF18C229B505ADA0C9BD411DE618B8E3E6935BE6F24BC15B2
Reporter: abuse_ch
Tags: NetWire, RAT, z


abuse_ch
Malspam distributing NetWire:

HELO: mail.genoxy.tk
Sending IP: 45.147.162.159
From: Notification@nedbank.co.za
Reply-To: No-repIy@nedbank.co.za
Subject: Payment Notification
Attachment: Proof of Payment.z (contains "Proof of Payment.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 251
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-08-28 06:33:11 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

zip 811227a58fc1bf2bc0bd43ce924c363e3efcae6c7a466f2617793d9d2d4ca942

(this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
