MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 612f288a358f6bfabc74937c10086107bede804413a5f6fd9e8f24f819669a0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 612f288a358f6bfabc74937c10086107bede804413a5f6fd9e8f24f819669a0e
SHA3-384 hash: acb32551422fd448c25e73ce8d6b50b4ac910306a7cdfec9a1deef7b86ef4b666e61c37fbd26d88e45d80a614948eec7
SHA1 hash: 579853532fadf08ef8ed7369d6d596af619bdf5a
MD5 hash: 9e2c88810138b0856bda192ae70d34c4
humanhash: sink-happy-bluebird-chicken
File name: WACKER - 000160847.xls
Signature: NetWire
File size: 1'176'064 bytes
First seen: 2020-06-30 06:36:02 UTC
Last seen: 2020-06-30 07:45:44 UTC
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep: 24576:gR4UNTYi0CjPcyworU8+80K0WNZdeAR/x7+jnp6jyg:0NTYi0oPcyDj0K0Wbdvz7+NGyg
TLSH: 28453B01B60A093FF96A3631B84A54678B071FA7A542CFF20DD76256176FB60EE7AC01
Reporter: @JAMESWT_MHT
Tags: NetWire

Intelligence


Mail intelligence
Trap location | Impact
CH Switzerland | Low
Global | High

# of uploads: 3
# of downloads: 32
Origin country: IT
ClamAV: TwinWave.EvilDoc.DOCXSTRGOOD.AOEX4.BITSNEEDEDFOR.POWERSHELL.EXE.200327.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/612f288a358f6bfabc74937c10086107bede804413a5f6fd9e8f24f819669a0e/
ReversingLabs Status: Malicious
Threat name: Document-Word.Trojan.Sagent
First seen: 2020-06-30 06:37:05 UTC
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage Score: 10/10
Malware Family: n/a
Link: https://tria.ge/reports/200630-ng77a5pbve/
Tags: evasion spyware trojan
VirusTotal results: 13.33%

Yara Signatures


Rule name: Malicious_BAT_Strings
Author: Florian Roth
Description: Detects a string also used in Netwire RAT auxilliary
Reference: https://pastebin.com/8qaiyPxs

Rule name: MAL_unspecified_Jan18_1
Author: Florian Roth
Description: Detects unspecified malware sample
Reference: Internal Research

Rule name: netwire
Author: JPCERT/CC Incident Response Group
Description: detect netwire in memory
Reference: internal research

Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

Rule name: Suspicious_BAT_Strings
Author: Florian Roth
Description: Detects a string also used in Netwire RAT auxilliary
Reference: https://pastebin.com/8qaiyPxs

Rule name: win_netwire_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments