MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d206e433247d3a30148ee2232772dd5c0cbf958c079000f76aeadc43e03bddc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 6



SHA256 hash: d206e433247d3a30148ee2232772dd5c0cbf958c079000f76aeadc43e03bddc2
SHA3-384 hash: bceaebaff1ecc8bab1401d8607707b23e8ed8b4bc03f956225e9dfbcf94b3622187eb528a694c4c6716483e185a93a18
SHA1 hash: 50ada0e86087a0b72e87a9544e4390b20e19f868
MD5 hash: a6a5bb295b5a31c01815adc9b563421d
humanhash: friend-mobile-skylark-tennessee
File name: d206e433247d3a30148ee2232772dd5c0cbf958c079000f76aeadc43e03bddc2
Signature: NetWire
File size: 638'624 bytes
First seen: 2020-07-06 06:44:13 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep: 12288:cquErHF6xC9D6DmR1J98w4oknqO2CyQfFCQQ5a76+ryxqpFo2nuNaewl/b4qtG:trl6kD68JmloLQfkI76++YpdnuYeMD4j
Threatray: 806 similar samples on MalwareBazaar
TLSH: C1D401437A97A10EDCEE46710C6598E40965FC211C38CAFBF690F73E6A31610EDA572E
Reporter: JAMESWT_WT
Tags: NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Enabling the 'hidden' option for recently created files
Unauthorized injection to a recently created process
DNS request
Enabling autorun
Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2020-07-01 23:25:00 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 27 of 28 (96.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
