MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f56b8a9a9fccefcc95ab88c6525db6e6d6e3e710277fdc3a90a48ea603c36852. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: f56b8a9a9fccefcc95ab88c6525db6e6d6e3e710277fdc3a90a48ea603c36852
SHA3-384 hash: 9a62613fbebe7a238e782f3e97ee787d5da53e90cc1dcd8906fb0b91d4ed71d0c9731fc703c94e3fb70bd9284fdd3664
SHA1 hash: 86e7f99c7fc341741dab7771153aab1cc1c1186d
MD5 hash: e1427772b245929be79734529779de75
humanhash: zebra-dakota-london-undress
File name: Proof_Of_Payment.cab
Signature: NetWire
File size: 860'306 bytes
First seen: 2020-06-15 13:43:34 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 24576:9m9vvaLdiEnWQZhYlxdshoFQYcjuYmF/Y:9m9vvIiE9ZGlxuo6oY
TLSH: DB05334922C52EEEED6C783FD4025F1A28414EA084ADD9BECFFC3B9685AB4C0D176D45
Reporter: abuse_ch
Tags: cab NetWire RAT


abuse_ch
Malspam distributing NetWire:

HELO: host19.axxesslocal.co.za
Sending IP: 197.242.145.93
From: Absa <ibreply@absa.co.za>
Reply-To: noreply@absa.co.za
Subject: Proof of Payment
Attachment: Proof_Of_Payment.cab (contains "Proof_Of_Payment.exe")

NetWire RAT C2:
154.16.93.182:3361

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Nanocore
Status: Malicious
First seen: 2020-06-15 13:45:05 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
NetWire
cab f56b8a9a9fccefcc95ab88c6525db6e6d6e3e710277fdc3a90a48ea603c36852 (this sample)
Dropping: NetWire
Delivery method: Distributed via e-mail attachment
