MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a69f60881645ba6864339a84a15f3893fe2c35e77500e5cdfe52d91f49ec0440. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: a69f60881645ba6864339a84a15f3893fe2c35e77500e5cdfe52d91f49ec0440
SHA3-384 hash: 59bfc6162c4eb4751ec6c76c0477ddfe8778a3164d79f580ca3852ef97e081605317aaf32d3121d78bc6b99fd1485d0e
SHA1 hash: 56c49552ea03e9f9a2cb8d5f31a09a0185e5ccce
MD5 hash: 5a8a4c85dd0cdd9d57d6a2125cfdbda4
humanhash: friend-burger-high-minnesota
File name: DHL_Mar 2021 at 1.30_8BZ290_PDF.img
Signature: NetWire
File size: 1'245'184 bytes
First seen: 2021-03-03 06:23:55 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:l8LxBmOyhzr/piX6AQzaA278eGQb5uXUwVIqyG:lbrRwlQzaA2Ie8XH
TLSH: E24512156BD182FAEAC323316B76A73DF27FC604695288877F9D6E2E5F409474B042C2
Reporter: abuse_ch
Tags: DHL img NetWire RAT


abuse_ch
Malspam distributing NetWire:

HELO: mail.golem.es
Sending IP: 82.194.91.23
From: DHL EXPRESS <noreply@dhl.com>
Subject: Re: DHL Notification / DHL_AWB_001179703/ETD
Attachment: DHL_Mar 2021 at 1.30_8BZ290_PDF.img (contains "DHL_Mar 2021 at 1.30_8BZ290_PDF.exe")

NetWire RAT C2:
mkv45.ddns.net:7210

Intelligence


File Origin
# of uploads: 1
# of downloads: 296
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img a69f60881645ba6864339a84a15f3893fe2c35e77500e5cdfe52d91f49ec0440

(this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
