MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3fe35a5b81cae4b41aff85d47409a0f0b39724c569b58972eac87595a30b8ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: a3fe35a5b81cae4b41aff85d47409a0f0b39724c569b58972eac87595a30b8ba
SHA3-384 hash: da2eb128a36435bc0a377ea7a689bd94f5916ef5c2bf464f3f4c7e4a1ba5cf65f0d881c9750dabae7b216c1c71ab50e5
SHA1 hash: b56771421ac2f51506ddda052698987b1e8757cd
MD5 hash: 8ec9c612f2f1076835f73f95710087f0
humanhash: mirror-tango-autumn-don
File name: Acil teklif talebi_JUSTEEL_AW456315_pdf.rar
Signature: NetWire
File size: 455'301 bytes
First seen: 2020-05-04 21:11:42 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:ENbTukLn7WxDI/tlrSqTjVxcFFUFzDJmIGg9hBWjfS+WCKER/FbTXeLsdzzm+SCD:8nL7WxGrlTjVio5JPGgAjK+WCR3vUKvP
TLSH: C1A423F046A54EA8989DF4934897CFB8CE90070B6383D22FA89CDFF991512249577C9F
Reporter: abuse_ch
Tags: geo NetWire rar RAT TUR


abuse_ch
Malspam distributing NetWire:

HELO: antispamgw5.antispamgw.com
Sending IP: 95.173.181.11
From: Oğuz Çelikel <ocelikel@justeel.com.tr>
Subject: HEMEN TESLİMAT İÇİN TEKLİF VE\x0a FATURA TALEBİ.
Attachment: Acil teklif talebi_JUSTEEL_AW456315_pdf.rar (contains "Acil teklif talebi_JUSTSTEEL_AW456315_pdf.exe")

NetWire RAT C2:
46.183.222.36:4710

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-04 21:37:01 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar a3fe35a5b81cae4b41aff85d47409a0f0b39724c569b58972eac87595a30b8ba

(this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment

Comments