MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a71e14a3d15302daafb61efcd8a1cfebe0c72511cafc8a81f306e59f8866d942. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a71e14a3d15302daafb61efcd8a1cfebe0c72511cafc8a81f306e59f8866d942
SHA3-384 hash: 18504779a3adc608b7a21bab47ad1f0d9f8c5404998ccc0764e94bb173df9fc80f90455b0d20a6fe44ca697b84fb47d3
SHA1 hash: 740e9c7cb16223d9894b4ed479ebc9627197b07d
MD5 hash: b03d9b47ec09085325f9bcfc06166723
humanhash: glucose-oranges-cup-wyoming
File name:7c4129a2f82b35c2d9bbe7eb27611470.exe
Download: download sample
Signature NetWire
Create hunting rule
File size:130'560 bytes
First seen:2020-04-03 19:04:20 UTC
Last seen:2020-04-03 19:27:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3552255b0308f758d071474baf31cb31 (28 x NetWire)
ssdeep 3072:Uq3E2BfBSbEsz7nCAFVNNvBGvdO5gPaEjep8Fe7Z1iO7ZbvbsV7:BRBfBSosz7nCA3NHCdXaEj7Fe7Z1iOFC
Threatray 46 similar samples on MalwareBazaar
TLSH EDD31A04EE87A0F2FE0B4D70A5CBF7FF4A295605C224DEA2DFA46D82FA13D15110A756
Reporter abuse_ch
Tags:exe GuLoader NetWire


Avatar
abuse_ch
Payload dropped by GuLoader from the following URL:
https://onedrive.live.com/download?cid=3F2905EFA1C7AC3F&resid=3F2905EFA1C7AC3F%21155&authkey=AFkRSSk0IIJzrms

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence

File information

The table below shows additional information about this malware sample such as delivery method and external references.

b43754327e72587021e4f5c85fcd2b870b53636b75e892a6adf0b2e41b7b8de4

NetWire

Executable exe a71e14a3d15302daafb61efcd8a1cfebe0c72511cafc8a81f306e59f8866d942

(this sample)

  
Dropped by
MD5 7c4129a2f82b35c2d9bbe7eb27611470
  
Dropped by
MD5 7a17b9291bb1638cb42008658f14380b
  
Dropped by
GuLoader
  
Dropped by
SHA256 b43754327e72587021e4f5c85fcd2b870b53636b75e892a6adf0b2e41b7b8de4
  
Dropped by
SHA256 67ba7605dd51e37be5a012868f1bbd5d211073f2fd81108c2d08a14f621aa423
  
URLhaus
https://urlhaus.abuse.ch/url/334719/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
DP_APIUses DP APICRYPT32.DLL::CryptUnprotectData
SHELL_APIManipulates System ShellSHELL32.DLL::ShellExecuteA
SHELL32.DLL::SHFileOperationA
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
KERNEL32.dll::OpenProcess
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::GetDriveTypeA
KERNEL32.dll::GetVolumeInformationA
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoA
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryA
KERNEL32.dll::CreateFileA
KERNEL32.dll::DeleteFileA
KERNEL32.dll::MoveFileA
KERNEL32.dll::GetFileAttributesA
KERNEL32.dll::FindFirstFileA
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameA
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.DLL::CryptAcquireContextA
ADVAPI32.DLL::CryptCreateHash
ADVAPI32.DLL::CryptGetHashParam
ADVAPI32.DLL::CryptHashData
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.DLL::RegCreateKeyExA
ADVAPI32.DLL::RegDeleteKeyA
ADVAPI32.DLL::RegOpenKeyExA
ADVAPI32.DLL::RegQueryValueExA
ADVAPI32.DLL::RegSetValueExA
WIN_SOCK_APIUses Network to send and receive dataWS2_32.dll::closesocket
WS2_32.dll::connect
WS2_32.dll::gethostbyname
WS2_32.dll::gethostname
WS2_32.dll::htons
WS2_32.dll::inet_ntoa
WIN_USER_APIPerforms GUI ActionsUSER32.dll::CreateWindowExA

Comments