MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8
SHA3-384 hash: 37e966cfd821eeb23889a9f049b47fe88e51fd93c6c6df05f1d7c3f6d493a9f5ec90adf09c321b653562a5135f39fcf1
SHA1 hash: 64dd08e93b94e2cf5c69da11530e38467d43d637
MD5 hash: a919abd1954ba7fbc64698888c51b109
humanhash: quebec-friend-magazine-lion
File name: 15-08-2020 - SOFT COPY_PAYMENT SLIP.rar
Signature: NetWire
File size: 157'785 bytes
First seen: 2020-08-15 17:28:13 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:sHUo64XNvWAgoNu385mCXDHydz3FSA9DYslJ/wL+dLYet3kBoN7:m64X1goNWqmCXDSdxSA5dvo8E64U7
TLSH: 35F31392B99530E7F6FE20CBAA60FB63FF170354241864145257F47E3B5C662ABE580C
Reporter: abuse_ch
Tags: NetWire rar RAT


abuse_ch
Malspam distributing NetWire:

HELO: WIN-TPNQQ41KAUA.home
Sending IP: 66.7.148.55
From: support <riya.psharma12@gmail.com>
Subject: Regarding late payment
Attachment: 15-08-2020 - SOFT COPY_PAYMENT SLIP.rar (contains "15-08-2020 - SOFT COPY_PAYMENT SLIP.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 304
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NetWiredRc
Status: Malicious
First seen: 2020-08-15 17:30:07 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

rar af5f5520e428ff03c99d655b7d8968a659f788a6a93284e0121ce0814ebb38d8 (this sample)

  
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
