MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6da998a52419846d81837d9a88d0b1e02f1816adf89ff6e91bb5de5c57abcc9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6da998a52419846d81837d9a88d0b1e02f1816adf89ff6e91bb5de5c57abcc9a
SHA3-384 hash: 26a1286df4ccaebbd24c454f776c4f78087fb69052e36d8d8d85a28d4fecb88f1ec6744232235e0dd55006f2bfd0fc3a
SHA1 hash: a8752f670fce74ffb84489549b4b4abf20bea0ab
MD5 hash: 29ad517a3f633a2e2cf1e5025a70dc01
humanhash: crazy-vermont-white-massachusetts
File name:SecuriteInfo.com.Heur.PonyStealer.dm0@rqh7MEpi.28792.24222
Download: download sample
Signature NetWire
Create hunting rule
File size:53'248 bytes
First seen:2020-04-21 21:52:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 44737f0013bbb49746fc6e769b26629b (1 x NetWire)
ssdeep 384:fs3CumOEizjoQc8p+ZcDdfNL6F3k2GWm7e9SQEARzT22bzC14:f3iXox4yFU2Q7zMG2v6
Threatray 257 similar samples on MalwareBazaar
TLSH 843350E2B55E4B5FD81DF5703CCE069F92327E26A784AE0EF1446538F6B22318E56D02
Reporter SecuriteInfoCom
Tags:NetWire

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.NetWire-7691459-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Netwiredrc
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 20:13:40 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nwuzrjjedgcg3amdpwnirufr4axrqfvn7cp7n2i3wxpfyv5lzsna._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
0c017b57d7f1cbfa01f54deb15b7f04b8923acd4585435050589b1762856247e
NetWire
150b2b068639c918e134e69b557f929dea81cf3a6d563aba39640227bdd029d3
NetWire
2ffdb2643512eaa27e65319a8905fccb924c39ff91b4c14787f7d5663edf413d
NetWire
318feaa23aaf7ef64618bd49846973791db210e5714fd4440a8b186409207810
NetWire
37dd9ac0253be5eb6036877963ff457db90932e34d9bbd2c18852bf8bfd873c2
NetWire
55eb95f1ad05a1a1acff7b2b727e30d4045e9eab88cee2ab7cedb7db0c1b434a
NetWire
5d87517a56440374b259a78c6f271de278c89b03016fe307e5a85121b054f42d
NetWire
7a27c2b1dde4a2dafa2a6d8e984337a891d4f7c1a15a80c5524be3bb5c0ccde6
NetWire
894061c993db2acb055ccd2f85468e1f18af0dff041c48c6f0851bf072efb31f
NetWire
98169e4e5b83666832b2cfbe23861caf950ffa48cc3365d906d782be0f0b2016
NetWire
+ 247 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetWire

Executable exe 6da998a52419846d81837d9a88d0b1e02f1816adf89ff6e91bb5de5c57abcc9a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/347812/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments