MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b425700f72941ce47b2f4952e2a57bf86fdb71564c2497d3f87dad75a3ef9967. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b425700f72941ce47b2f4952e2a57bf86fdb71564c2497d3f87dad75a3ef9967
SHA3-384 hash: 36a7290ce69ad3b33595628317bed76c67090be27d89636ba826472c52727eec1ff80c743d1645ac76417a779ae42f8d
SHA1 hash: ae146c1cfa1343923f9f65cdd47ed97778a67bc4
MD5 hash: 5c31e3d731558a4682eab307d4986aef
humanhash: virginia-minnesota-salami-violet
File name:DHL Document.lzh
Download: download sample
Signature NetWire
Create hunting rule
File size:551'061 bytes
First seen:2021-03-03 18:03:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:rmbrn2fIpkTeeeHdHikSToQx0kShZXXFuDgW4QKBVqNhvb:KbrSIGTc9HiZkVXRNoPD
TLSH A1C4230C6EBCF1A24EDE1D301BAC66F4053DBD99957C192EBCC8AFDD2582481CE95A13
Reporter abuse_ch
Tags:DHL lzh NetWire RAT


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: ae156.secure.ne.jp
Sending IP: 150.60.157.184
From: DHL Express <no-reply@dhl.com>
Subject: Package Arrival
Attachment: DHL Document.lzh (contains "DHL Document.exe")

NetWire RAT C2:
severdops.ddns.net:7390

Intelligence

File Origin
# of uploads :
1
# of downloads :
302
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b425700f72941ce47b2f4952e2a57bf86fdb71564c2497d3f87dad75a3ef9967/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-03-03 18:04:06 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wqsxad3ssqooi6zpjfjofjl37bx5w4kwjqsjpu7ypwwxli7ptftq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
netwire
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b425700f72941ce47b2f4952e2a57bf86fdb71564c2497d3f87dad75a3ef9967

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

zip b425700f72941ce47b2f4952e2a57bf86fdb71564c2497d3f87dad75a3ef9967

(this sample)

NetWire

Executable exe 73429ed369e556843e28f21b233a49aa9cc7b55d36c5be69f3745a75d17eaf1f

  
Dropping
MD5 92900a9f09ad28e0e6068988f85383c4
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 73429ed369e556843e28f21b233a49aa9cc7b55d36c5be69f3745a75d17eaf1f

Comments