MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8703189c4daa93f00f2df754ec0c15a99a5de04aae76d95f38befb3285302981. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 5



SHA256 hash: 8703189c4daa93f00f2df754ec0c15a99a5de04aae76d95f38befb3285302981
SHA3-384 hash: 5b7ff69b8f8ac9fa291dad2cc78b9ba1b37a21dc6fbb65aa93c5941015949bce8f20d2b638bf6250a243bb627d102db1
SHA1 hash: 8609fff66c77f08a8fe28336a0c97444500aad80
MD5 hash: 71b8fa2a3648f02cbc42345764c87dd3
humanhash: mars-texas-diet-gee
File name: Scan_Quote 16 Mar 2020 at 1.85_Bz5543_PDF.img
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2021-03-17 06:34:21 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:uhjmmejORX37kOr+XaPZAZMj6A1CVVUpjEduX1Lb48dfXuOT:6ejgwfqKMj6AqipjEd2ts8dfF
TLSH: 16450122A5808473F9B65BB512369A98F3B58DCA2DF14D0BBB4C3B563BF20C3481655F
Reporter: cocaman
Tags: img, NetWire


cocaman
Malicious email (T1566.001)
From: ""Lloyd V. Pangilinan" <tecnico@hormigonesmarmenor.com>" (likely spoofed)
Received: "from server15158.comalis.net (server15158.comalis.net [91.191.151.58]) "
Date: "Tue, 16 Mar 2021 22:59:51 +0100"
Subject: "RE: New Order/Shipment"
Attachment: "Scan_Quote 16 Mar 2020 at 1.85_Bz5543_PDF.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 369
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-03-17 06:35:11 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img 8703189c4daa93f00f2df754ec0c15a99a5de04aae76d95f38befb3285302981 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: NetWire
