MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a903f99a7e7caf7f82ac3e7160be1cdb10037d70ad4fbd5b612cf5822225873b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: NetWire
Vendor detections: 3
SHA256 hash: a903f99a7e7caf7f82ac3e7160be1cdb10037d70ad4fbd5b612cf5822225873b
SHA3-384 hash: 843308b7db095a6362fe8d2eef31b37f91a3cb281bcc3a7b37dbb021949969341596d07132ebd35c456741af9952ff17
SHA1 hash: fe0e907d9e3d1e99c499e6b577d5ea31838d2772
MD5 hash: 31b68b7ca6c8730ceffebd9ed7e6876d
humanhash: bulldog-leopard-bravo-maine
File name: Purchase order.zip
Signature: NetWire
File size: 254'157 bytes
First seen: 2020-06-20 12:47:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:DQUPFtQBDKA/O/+LFus76CVtfoGSRrKMfnty6GAHE7HDkt:sKFqBD2+ZuOfrmFkHkt
TLSH: 354422485DC19C8DC64EBEDFE90458D881D2C0C29A759068CA0FAFB1EA45F947D63F25
Reporter: abuse_ch
Tags: NetWire RAT zip


abuse_ch
Malspam distributing NetWire:

HELO: shbc10.ultina.jp
Sending IP: 218.40.207.10
From: Info <account03@tripakgroup.com>
Reply-To: account03@tripakgroup.com
Subject: Purchase Order :196132
Attachment: Purchase order.zip (contains "Bfjvehw.exe")

RemcosRAT C2:
telnet 217.160.242.201 1919

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-06-20 12:49:06 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

zip a903f99a7e7caf7f82ac3e7160be1cdb10037d70ad4fbd5b612cf5822225873b (this sample)
  Dropping: NetWire

Delivery method: Distributed via e-mail attachment
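The two things an analyst does with an entry like this, before anything else, are (a) confirm that the file actually on disk matches every hash the entry lists (MD5, SHA1, SHA256 and SHA3-384 above), and (b) look inside the zip attachment without executing or extracting it to disk, since the lure pattern here is a "Purchase order.zip" wrapping a single executable ("Bfjvehw.exe"). The script below is an added example, not MalwareBazaar's code and not the sample itself: the archive it builds in memory is a constructed stand-in (an MZ stub, not the real NetWire payload), so the hashes it computes are of that stub only, and the executable-extension list and helper names are the example's own assumptions.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for the "Bfjvehw.exe" member: an MZ header plus padding.
# This is NOT the NetWire binary; it only exercises the magic-byte check.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 200

# Extensions a mail gateway should treat as executable when found inside an
# archive attachment (assumption for this example; extend to local policy).
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs",
            ".jse", ".wsf", ".hta", ".lnk", ".dll"}


def build_lure_zip(member_name: str = "Bfjvehw.exe", payload: bytes = FAKE_PE) -> bytes:
    """Build, in memory, a zip shaped like the attachment described on this page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def hash_bytes(data: bytes) -> dict:
    """Compute the same hash set MalwareBazaar publishes for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_iocs(data: bytes, iocs: dict) -> bool:
    """Verify a file against every listed hash (case-insensitive).

    Matching one algorithm but not another is reported as a mismatch: it means
    the entry was transcribed wrongly or the file is not the one catalogued.
    """
    computed = hash_bytes(data)
    for algo, expected in iocs.items():
        if algo not in computed:
            raise ValueError(f"unsupported hash algorithm: {algo}")
        if computed[algo] != expected.lower():
            return False
    return True


def triage_zip(data: bytes) -> list:
    """List archive members without writing them to disk.

    Flags executable extensions, double extensions, the MZ magic of a PE file,
    and encrypted members (password-protected lures defeat content inspection,
    so encryption itself is a signal). Encrypted members are not opened.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            encrypted = bool(info.flag_bits & 0x1)
            head = b"" if encrypted or info.is_dir() else zf.open(info).read(2)
            findings.append({
                "name": name,
                "size": info.file_size,
                "encrypted": encrypted,
                "exec_ext": ext in EXEC_EXT,
                "mz_magic": head == b"MZ",
                "double_ext": name.lower().count(".") >= 2 and ext in EXEC_EXT,
                "sha256": hashlib.sha256(zf.read(info)).hexdigest() if not encrypted else None,
            })
    return findings


def is_suspicious(findings: list) -> bool:
    """Archive-level verdict: any executable member or any encrypted member."""
    return any(f["exec_ext"] or f["mz_magic"] or f["encrypted"] for f in findings)


if __name__ == "__main__":
    lure = build_lure_zip()
    print("container hashes:", hash_bytes(lure))
    for f in triage_zip(lure):
        print(f)
    print("suspicious:", is_suspicious(triage_zip(lure)))
```

To apply this to the real sample, read the downloaded zip's bytes and pass the entry's hashes to `matches_iocs` (e.g. `{"sha256": "a903f99a…", "md5": "31b68b7c…"}` copied from the header above); a `False` result means you are not looking at the catalogued file. `triage_zip` deliberately never extracts to disk, so it is safe to run on a live lure on an analysis host, but note that it reads member contents into memory: cap the member sizes from `infolist()` first if the archive is untrusted and large.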

Comments