MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6be90e3f72bce2fe0ec0a1d5c4117d81955b214f5de72dd189739ab8175ef30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6be90e3f72bce2fe0ec0a1d5c4117d81955b214f5de72dd189739ab8175ef30
SHA3-384 hash: 3cdbff2b832669f55b1a356179394433bc247dd9bd497d4854c8617e41a2d6810d6a3604de6b6a6dcd2283f4200195e4
SHA1 hash: b80497a9e40b8d64aed71ad21b65e3477693d7f2
MD5 hash: c5f0163090b0c9d631611e234fad8699
humanhash: fish-sixteen-jupiter-early
File name:Shell-996933_29-07-2020.7z
Download: download sample
Signature NetWire
Create hunting rule
File size:460'109 bytes
First seen:2020-07-29 11:06:59 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:xBVsdqQOmWZgQnhdMdkYbO9lkDfQVVNUcZibxOHtojgnfW53iyIHEuEppDKkok7h:x4Pny7r3ofUNYFOHtLW9aHWpnPgiQ3y
TLSH A3A4234282A267B486C3DB527458847C99C78CB26A4683EF4A01679365CDF6CB2FCDC7
Reporter abuse_ch
Tags:7z NetWire RAT t-online


Avatar
abuse_ch
Malspam distributing NetWire:

HELO: mailout08.t-online.de
Sending IP: 194.25.134.20
From: Inkoop - ROYAL DUTCH SHELL <Zahnarztpraxis-Kugler@t-online.de>
Reply-To: jsntfxqvip.163@gmail.com <jsntfxqvip.163@gmail.com>
Subject: ROYAL DUTCH SHELL - AANKOOP BESTELLING JULI / AUGUST2020
Attachment: Shell-996933_29-07-2020.7z (contains "Shell-996933_29-07-2020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
288
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6be90e3f72bce2fe0ec0a1d5c4117d81955b214f5de72dd189739ab8175ef30/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 11:08:06 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w27jby7xfphc7yhmbiovyqix3amvlmqu6xphfxiys442xalv54ya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Barys
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b6be90e3f72bce2fe0ec0a1d5c4117d81955b214f5de72dd189739ab8175ef30

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

7z b6be90e3f72bce2fe0ec0a1d5c4117d81955b214f5de72dd189739ab8175ef30

(this sample)

NetWire

Executable exe 54e95ef949e6f817b50144b1f8ae37a609d5ab3bc07567699a642a339566d555

  
Dropping
MD5 5102ee8e4128267915b1c288b82ce6b5
  
Dropping
NetWire
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 54e95ef949e6f817b50144b1f8ae37a609d5ab3bc07567699a642a339566d555

Comments