MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa9ce363e6ac2aac5368e24051de46a603234baf60c2aaef35c17361382ba09e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa9ce363e6ac2aac5368e24051de46a603234baf60c2aaef35c17361382ba09e
SHA3-384 hash: a775581619b9476e4f8bdb9eb706628139edce6124f2034cc1de26605e09d052e1768259815cfba513325215d4e0f6b2
SHA1 hash: 57ca5a393b568a202262ff386fcf82d43e951767
MD5 hash: c52be5d1786b5b8b5faa9c8117a0f21a
humanhash: lion-winner-cat-snake
File name:مستند الدفع 71F5246.7z
Download: download sample
Signature NetWire
Create hunting rule
File size:447'741 bytes
First seen:2020-10-18 17:14:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:9x71SJrMRWq8iortE0IZ+PynEGNEqQq+STjsfA5xU2AAaLpmj85QOplDs9y3aV/q:9xZiMx8iAO0SF8bcOAU3aVp/XBEE9Qh
TLSH D89423434EE14938655CD34BF1429A72F11296A5EAD77FF6EC0DAF524ACA303394C3A2
Reporter abuse_ch
Tags:7z NetWire


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gas0.billaccountant.com
Sending IP: 45.84.196.88
From: السيدة خضيره سليمان <officers@billaccountant.com>
Subject: رد: مستند الدفع 7184926
Attachment: مستند الدفع 71F5246.7z (contains "مستند الدفع 71F5246.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
184
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Fareit-FZO64E1AB7B5131.7593.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aa9ce363e6ac2aac5368e24051de46a603234baf60c2aaef35c17361382ba09e/
Threat name:
Win32.Trojan.Delf
Create hunting rule
Status:
Malicious
First seen:
2020-10-18 14:19:32 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vkoogy7gvqvkyu3i4jafdxsguybsgs5pmdbkv3zvyfzwcoblucpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/aa9ce363e6ac2aac5368e24051de46a603234baf60c2aaef35c17361382ba09e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

zip aa9ce363e6ac2aac5368e24051de46a603234baf60c2aaef35c17361382ba09e

(this sample)

NetWire

Executable exe c6924bd1eede3eef4831175fe7a6144576b8378801d5c229e7a9b56e27f3a2e2

  
Dropping
MD5 c10f46ff6caff363d5352d805cb9aeb6
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c6924bd1eede3eef4831175fe7a6144576b8378801d5c229e7a9b56e27f3a2e2

Comments