MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f4f593973bf2ffcd0e4a019f40f86a2c341c10d4e3045ea16e6fd9911a86e03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f4f593973bf2ffcd0e4a019f40f86a2c341c10d4e3045ea16e6fd9911a86e03
SHA3-384 hash: 242fd0e0c87d0e7fece30fd29aa562e67bd7020cf43c1341b5837c05ee087b1894bfadb325d28820bb89c8ce04add482
SHA1 hash: 92efa2288e9ca5a65fe3e9d3239aced11e31b1e2
MD5 hash: 01772f27d6920f3ef8ad131dca2c9ef5
humanhash: pip-gee-november-equal
File name:Scan_0011121021000.7z
Download: download sample
Signature NetWire
Create hunting rule
File size:248'511 bytes
First seen:2021-01-06 07:15:49 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
ssdeep 6144:gRMYXbvtcXyn1hXn6glStb0se+suuL2OxS3A0EH7GX0ouPGm:gH2i1hXmtClyO4Afi2+m
TLSH 9034222B96C2A6E044F89F07ACEB58F1DE44E8517BC4D15ABCEC85E17852DB4C002F7A
Reporter abuse_ch
Tags:7z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mogtanx.com
Sending IP: 153.122.44.55
From: Yeung Sai Man <otulla@saranadinamika.co.id>
Subject: New Order 2021
Attachment: Scan_0011121021000.7z (contains "Scan_0011121021000.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36009656.24398.2363.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f4f593973bf2ffcd0e4a019f40f86a2c341c10d4e3045ea16e6fd9911a86e03/
Threat name:
Win32.Backdoor.NetWiredRc
Create hunting rule
Status:
Malicious
First seen:
2021-01-06 00:39:36 UTC
AV detection:
14 of 46 (30.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t5hvsoltx4x7zuheuam7id4gulbudqinjyyel2qw436zseninybq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9f4f593973bf2ffcd0e4a019f40f86a2c341c10d4e3045ea16e6fd9911a86e03

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

7z 9f4f593973bf2ffcd0e4a019f40f86a2c341c10d4e3045ea16e6fd9911a86e03

(this sample)

NetWire

Executable exe 738e16b6660e32ed957f9fd9e0c5cea56b1aaa7695bcdb56998ca9866071e32b

  
Dropping
MD5 dfbdf304ffb322276a26f4d7ac26ea34
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 738e16b6660e32ed957f9fd9e0c5cea56b1aaa7695bcdb56998ca9866071e32b

Comments