MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6991d407bc08bb9e50dfd7f42d2992530e25b9ef611a461bf4d75b907940242. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 5



SHA256 hash: c6991d407bc08bb9e50dfd7f42d2992530e25b9ef611a461bf4d75b907940242
SHA3-384 hash: efb637cd11384ce18709bfb12119d73c85ee946dfdcb374bed432911fea1bca9d1de2b2feec9f387ed78c69cfb778b6e
SHA1 hash: 6d5f3b68958cfa593c10504a6bd631844397d7ae
MD5 hash: 11347b3a4c943ce6e6c590d41e9b83c9
humanhash: minnesota-fish-double-victor
File name: SKM_C258201001130020005057R1RE.IMG
Signature: NetWire
File size: 1'703'936 bytes
First seen: 2021-03-05 13:09:30 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:VEl1lo8nW9DUk1PQIITXdZS4/MK4sX5JOKl6NioFCCtE9phJI:VpF1PQ5Xdh/2s2/NioFCCi
TLSH: D375093036AA5219E47E5B300D74A1D163FA7E6ABF15CB1E2859238C9F335438F11BB6
Reporter: abuse_ch
Tags: img NetWire RAT


abuse_ch
Malspam distributing NetWire:

HELO: vps38947.servconfig.com
Sending IP: 144.208.66.19
From: Williams Mia <rvfwd@avalonjobs.net>
Subject: Fwd: Payment Invoice
Attachment: SKM_C258201001130020005057R1RE.IMG (contains "SKM_C258201001130020005057R1RE.exe")

NetWire RAT C2:
severdops.ddns.net

Intelligence


File Origin
# of uploads: 1
# of downloads: 429
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-05 09:46:37 UTC
AV detection: 8 of 45 (17.78%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img c6991d407bc08bb9e50dfd7f42d2992530e25b9ef611a461bf4d75b907940242 (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
