MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93db7fe21a717739678235265d7982e344bdb5cc361ba4493b6129792e8f03a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: 93db7fe21a717739678235265d7982e344bdb5cc361ba4493b6129792e8f03a9
SHA3-384 hash: 18a70039b0ef4fd7bbd0d4d7f1e16c20534cf4c9e249e4961b9b8e0770c16d393d18b1b8b6bff3e57f2a55433a1086e7
SHA1 hash: c707401cd60dd4654c1aaa6e2adaa0b76d5b3817
MD5 hash: 601c715f26243ea660b1333e2f97303f
humanhash: virginia-princess-equal-alabama
File name: Proof of Payment.img
Signature: NetWire
File size: 2'031'616 bytes
First seen: 2021-01-19 07:35:56 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:2K+VTxMRa62knGKwQu4wAKg3uW7hGX8nhpklhumF:XyMwPknPwlQ3u0hG+klH
TLSH: DD95D6AC722071EFC857D4B29AA81DA8EA547C7B431B4503E46736ADDA3C897CF144F2
Reporter: abuse_ch
Tags: img NetWire RAT


abuse_ch
Malspam distributing NetWire:

HELO: mail.getemails.website
Sending IP: 5.189.220.185
From: Nedbank <Notification@nedbank.co.za>
Reply-To: No-reply@nedbank.co.za
Subject: Payment Notification
Attachment: Proof of Payment.img (contains "Proof of Payment.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 316
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-19 04:34:58 UTC
AV detection: 8 of 45 (17.78%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img 93db7fe21a717739678235265d7982e344bdb5cc361ba4493b6129792e8f03a9 (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
