MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e396d605f3347ed9e0515637193f9db3c176de3e5c32188d09575d8c89320e63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: e396d605f3347ed9e0515637193f9db3c176de3e5c32188d09575d8c89320e63
SHA3-384 hash: d626b798c115bcdb064196a3b3d256313e5e0a27dfadb047284db508c81eefb55955c5fbc9caa954f8af82fd9e662977
SHA1 hash: 52abe4c413ad00402550acc96f9f39f633b40319
MD5 hash: 36733bbdcfe6f1677adbde55a83a6def
humanhash: single-table-paris-happy
File name: ستند الدفع 71F5246.7z
Signature: NetWire
File size: 454'685 bytes
First seen: 2020-10-18 10:51:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:3SDDRnmCWkQR/FfcDQUlszh4FBI0IdFEL9QSi:iD9dw36BI0IfgiSi
TLSH: 66A423F1278DED593962D811F752950D3174CC2BF91E28E2B52EB20AD11E39FA0AE07C
Reporter: abuse_ch
Tags: 7z NetWire


abuse_ch
Malspam distributing unidentified malware:

HELO: gas0.billaccountant.com
Sending IP: 45.84.196.88
From: السيدة خضيره سليمان <officers@billaccountant.com>
Subject: رد: مستند الدفع 91H84926
Attachment: ستند الدفع 71F5246.7z (contains "ستند الدفع 71F5246.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 200
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-18 07:09:32 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

zip e396d605f3347ed9e0515637193f9db3c176de3e5c32188d09575d8c89320e63 (this sample)

Delivery method: Distributed via e-mail attachment

Comments