MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2027f21a0b90ed9d6fb6c154004a583ca7f9c56d4235c71baf8004e0e269616. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: a2027f21a0b90ed9d6fb6c154004a583ca7f9c56d4235c71baf8004e0e269616
SHA3-384 hash: 99a791aa875b8a903096a36909782a44eb5dfd9cc0c4c2773bd2994e2cdfed1d6994b6668f8971ae23f8ab1181addd5f
SHA1 hash: f888fed003b03a0c06109512ee881c909dd84f06
MD5 hash: 7b2e68efe333bafddb048b98ea07b1cf
humanhash: december-early-orange-one
File name: FABRICS_100% COOTON.rar
Signature: NetWire
File size: 460'524 bytes
First seen: 2020-10-23 06:52:59 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:HBSSyLTiUHix22BcYLEecosyTca7Hnrc+7tY:hSdLTCYHHyVHrpRY
TLSH: 4CA423C5B443A0E1AAC98CD72713DFC558D46007DE8E0A7A8D66C3C2B43EF6763AE558
Reporter: abuse_ch
Tags: NetWire rar


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.eww-group.com
Sending IP: 111.90.146.99
From: Vertex Win Apparel Sourcing <vertexapparelsourcing@gmail.com>
Reply-To: vertexapparelsourcing@gmail.com
Subject: Fabrics 100% Cotton (Fashion Order); PO# 4035656 - 4035671
Attachment: FABRICS_100% COOTON.rar (contains "FABRICS.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 139
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.NetWired
Status: Malicious
First seen: 2020-10-23 06:01:30 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar a2027f21a0b90ed9d6fb6c154004a583ca7f9c56d4235c71baf8004e0e269616 (this sample)

Delivery method: Distributed via e-mail attachment
