MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a84dc7322fd4d1e0ab76c5936d3cfa6b5bcb24928402b6fa5f8e69618f405a7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: a84dc7322fd4d1e0ab76c5936d3cfa6b5bcb24928402b6fa5f8e69618f405a7d
SHA3-384 hash: 57ea212fd65647d94e4904a007611b81e3333d3c832d89078f35a60d4b7c7a9a1db8e3a194459193736096d554472f2b
SHA1 hash: 85a4fe6ab7c1f33a06b3a700b726bf61514aee97
MD5 hash: 6697ae3aab09cb9c3a07b5c1f400a679
humanhash: ten-football-vermont-delaware
File name: Purchase order.rar
Signature: NetWire
File size: 283'587 bytes
First seen: 2020-06-09 05:14:41 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:fjASfkr6PZQ3wjU9rY/5aSp/h0zH+rKOiCUBQv/VjuB:fMUAOU9ZShhqe1iMv/VjA
TLSH: 295423BD9B483C12E3D4D8CA0CC5880A9F5B897A4B83CA09C4EF58750761E671FDBAD5
Reporter: abuse_ch
Tags: NetWire, rar, RAT


abuse_ch
Malspam distributing NetWire:

HELO: shbc10.ultina.jp
Sending IP: 218.40.207.10
From: sales05 <contact@hesp.com>
Reply-To: karensdwind@null.net
Subject: PRICE REQUEST FOR ORDER
Attachment: Purchase order.rar (contains "Purchase order.exe")

NetWire RAT payload URL:
https://cdn.discordapp.com/attachments/719603727690104866/719611633692966971/Jkaqcds

NetWire RAT C2:
rgussy.ddns.net:3871 (213.5.64.11)

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.Remcos
Status: Malicious
First seen: 2020-06-09 05:16:07 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar a84dc7322fd4d1e0ab76c5936d3cfa6b5bcb24928402b6fa5f8e69618f405a7d

(this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
