MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9b175b0235f0f3afeab71d30588de2ce6f8efb1a96711e6c113750519b0ccdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: e9b175b0235f0f3afeab71d30588de2ce6f8efb1a96711e6c113750519b0ccdb
SHA3-384 hash: 0719bd66bc46eb6e6eb3e87dc0c87ad41c74d6a2af3c82f5d8714d5786879f7ce77362aef31a97e4e6425a22f1a05e7f
SHA1 hash: 45a9128760965031445146b05c426bf74efdc775
MD5 hash: 06d43291a25d9edf2372dd2326fa935f
humanhash: steak-mexico-lima-burger
File name: Proof Of Payment.img
Signature: NetWire
File size: 2'031'616 bytes
First seen: 2021-01-19 07:36:39 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:M3CQMzoPch3KaivCfozUQ193mbF5kP6i6HJ:Mu9NKzKwzN93Gli6H
TLSH: AA95D6AC722071EFC857D4B2CA981DA8AA547C7B431B4503E46736ADDA3C997CF244F2
Reporter: abuse_ch
Tags: geo img NetWire nVpn RAT ZAF


abuse_ch
Malspam distributing NetWire:

HELO: mail.getemails.website
Sending IP: 5.189.220.185
From: Nedbank <Notification@nedbank.co.za>
Reply-To: No-reply@nedbank.co.za
Subject: Proof Of Payment
Attachment: Proof Of Payment.img (contains "Proof Of Payment.exe")

NetWire RAT C2:
194.5.97.99:3382

Intelligence


File Origin
# of uploads: 1
# of downloads: 335
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-19 07:37:16 UTC
AV detection: 11 of 46 (23.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NetWire

img e9b175b0235f0f3afeab71d30588de2ce6f8efb1a96711e6c113750519b0ccdb (this sample)

Dropping: NetWire
Delivery method: Distributed via e-mail attachment
