MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f634109798c4160a15a6cc810fe2d8670f419008ec6a12d36a537ad4de7fccc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f634109798c4160a15a6cc810fe2d8670f419008ec6a12d36a537ad4de7fccc
SHA3-384 hash: 8da57550b39d0531a268905a6a6fe53a7e5f31fb3709c6431ebeb66c5de493cbc0c3413263127c7271753217beb7ff5a
SHA1 hash: 472425fa767d7ef760dfbbaedad40fb24c69fe07
MD5 hash: 068488dad2b49bea2de8691aeddbf2c1
humanhash: magnesium-bravo-happy-moon
File name:7f634109798c4160a15a6cc810fe2d8670f419008ec6a12d36a537ad4de7fccc
Download: download sample
Signature NetWire
Create hunting rule
File size:147'456 bytes
First seen:2020-03-27 05:46:14 UTC
Last seen:2020-03-27 07:35:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c1e35ddddc07bc89d517a070336a0b1e (1 x NetWire)
ssdeep 1536:t4wGc64KudYTLPyYEgXQqA8ddS/0z1qDebmWYEvT/wSC:tCckUSvmq1dd9QabmWYEvTwSC
Threatray 1'351 similar samples on MalwareBazaar
TLSH F5E34B33BEA1D480EF114FB0085E86A6C815BC20AD4E8BC7B2557B4DAD7BF87DD62245
Reporter Marco_Ramilli
Tags:exe NetWire

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader33.22406.28766.20686.UNOFFICIAL
Create hunting rule

Win.Trojan.Remcos-7649828-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 20:07:22 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 30 (76.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p5rucclzrrawbik2ntebb7rnqzypigiar3dkcljwuu322tph7tga._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
3c11c15902d64e4b5ad06df07af329cb59a9626dae68a25fc9fc87dd4db9e6a2
NetWire
491afea427ab2e087853f552fc510577c77b5981a525f55a0cf4bec66d485a6e
NetWire
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
NetWire
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
NetWire
abc26a4dae06f9fa3a58be8ae001afa9b529384fd22814469cd4e7bc5b8c1255
NetWire
b05998bc4d111c80719ab38c75918662f8151fd5e5e223cdc90f0d97caad3b6e
NetWire
bb19d9c9c18233bf65768ed3534766ae87ada589f6223d015c47d5e4c2523d64
NetWire
d39c281b0ee2731cebd814b01c5772faf104ef40e2e16e0e56d3f3f716bc4209
NetWire
dbfdd9906827edada6d6bb63194a7b952f6e5f7592f59f2a9b7ff0dbe9dd01c0
NetWire
f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c
NetWire
+ 1'341 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments