MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4300bf267e8d21ee9c7b0d906b2da7545cb5b670bc2506edc6ea97132eefe10e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 6



SHA256 hash: 4300bf267e8d21ee9c7b0d906b2da7545cb5b670bc2506edc6ea97132eefe10e
SHA3-384 hash: ba56992dbd11e629fed06cddc4f2cb6f63426316a9bdd1332c9d06f1ed43a473f154e141cc7a7ead58be991991d47911
SHA1 hash: e2e6894e9741b1154f19481d77efa54596e87a9b
MD5 hash: ef1fdb492091b3841b5245d9faa72f80
humanhash: undress-south-high-massachusetts
File name: 4300bf267e8d21ee9c7b0d906b2da7545cb5b670bc2506edc6ea97132eefe10e
Signature: NetWire
File size: 638'624 bytes
First seen: 2020-07-06 06:44:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep: 12288:cquErHF6xC9D6DmR1J98w4oknqO2CyQfFCQQ5a76+ryxqpFo2nuNaewl/b4qtU:trl6kD68JmloLQfkI76++YpdnuYeMD4h
Threatray: 801 similar samples on MalwareBazaar
TLSH: 70D401437A97A10EDCEE46710C6598E40965FD211C38CAFBF290F73E6A31610EDA572E
Reporter: JAMESWT_WT
Tags: NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Enabling the 'hidden' option for recently created files
Unauthorized injection to a recently created process
DNS request
Enabling autorun
Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2020-06-30 19:17:00 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
