MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96d8bd11fd28006c4a78c6e4b8bdfbb55428c08cca81e5317f6934e7feb2e5b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 2



SHA256 hash: 96d8bd11fd28006c4a78c6e4b8bdfbb55428c08cca81e5317f6934e7feb2e5b5
SHA3-384 hash: 391e3d9d8f14d581429e56a03ba597b2a2074330767b99c44efc1564ad905e61219da00a45cc7e3df42c74ce72a2f5ff
SHA1 hash: f2015fc9201dcb1ebd7fdb23928505616a511055
MD5 hash: e7296e95537bb7d62ee88c511b177020
humanhash: hawaii-hawaii-pip-tango
File name: Booking Confirmation 02162021900 - copy -PDF.uu
Signature: NetWire
File size: 45'367 bytes
First seen: 2021-02-16 13:58:46 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 768:rCFl+EN71BDRRl7gu49zuKZbf2Rh8+BsueUyXruUpiPvoMw:ro+E/BDV0t1uKZbuRhIZUyXruwiXoMw
TLSH: D813F1925BC848B7995070787D36CCCB5C75E8C3E47885895C2FB7E509AE588F0FA886
Reporter: abuse_ch
Tags: Maersk NetWire uu


abuse_ch
Malspam distributing NetWire:

HELO: smtpgw.hepsibulutta.com
Sending IP: 46.4.185.122
From: ''Maersk Booking Service'' <maerskbooking_dept2@protonmail.com>
Reply-To: ''Maersk Booking Service'' <maerskbooking_dept2@protonmail.com>
Subject: Re: Shipment Booking Confirmation.
Attachment: Booking Confirmation 02162021900 - copy -PDF.uu (contains "Booking Confirmation 02162021900 - copy -PDF.exe")

NetWire RAT C2:
spotless212.nerdpol.ovh:6080

Intelligence


File Origin
# of uploads: 1
# of downloads: 265
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar 96d8bd11fd28006c4a78c6e4b8bdfbb55428c08cca81e5317f6934e7feb2e5b5 (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
