MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e05fe646183b69a8596eac8857f561c2aded2fda7694913b699c134dda15f797. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	e05fe646183b69a8596eac8857f561c2aded2fda7694913b699c134dda15f797
SHA3-384 hash:	c9d7e830d2520f1c7662320cb02edbcc137eb917acbe048709c75b273057088352bb0735f64d1a41dfb942bb93853584
SHA1 hash:	96347b01520d1ba2ce36d99bfa464489c7e3aabb
MD5 hash:	ceaf3087ebd7b9da9205468ec77737b1
humanhash:	yellow-batman-yellow-alpha
File name:	96347b01520d1ba2ce36d99bfa464489c7e3aabb.bin
Download:	download sample
Signature	NetWire Create hunting rule
File size:	895'205 bytes
First seen:	2020-08-20 17:06:23 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	cb4bf37e19f46392e285a23ff012e475 (1 x MassLogger, 1 x NetWire)
ssdeep	12288:DMEuFTG5ys/bVmOQEXrjtVAT2JFKm7rT6mIiQ92Z4gFzk6:gEX5yUxrHrj9JtPNPZRb
Threatray	245 similar samples on MalwareBazaar
TLSH	BC157D2794EC5007FB120472553AA5323E242C1163B6889737D1FE9F4AB1B97628DFBA
Reporter	Abjuri5t
Tags:	exe NetWire RAT

Intelligence

File Origin

# of uploads :

# of downloads :

280

Origin country :

n/a

Vendor Threat Intelligence

Detection:

NetWire

Link:

https://www.capesandbox.com/analysis/49236/

Detection(s):

Win.Dropper.NetWire-9386385-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending a custom TCP request

Sending a UDP request

Result

Threat name:

NetWire

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/442127

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to log keystrokes

Contains functionality to steal Chrome passwords or cookies

Contains functionality to steal Internet Explorer form passwords

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: NetWire

Yara detected NetWire RAT

Behaviour

Behavior Graph:

Download SVG

Detection:

netwire

Link:

https://mwdb.cert.pl/sample/e05fe646183b69a8596eac8857f561c2aded2fda7694913b699c134dda15f797/

Threat name:

Win32.Backdoor.NetWiredRc

Status:

Malicious

First seen:

2020-08-18 05:35:56 UTC

AV detection:

25 of 28 (89.29%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

Result

Malware family:

netwire

Score:

10/10

Tags:

rat botnet stealer family:netwire

Link:

https://tria.ge/reports/200820-3vtcvbeara/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

NetWire RAT payload

Netwire

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Emotet

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e05fe646183b69a8596eac8857f561c2aded2fda7694913b699c134dda15f797

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetWire

exe e05fe646183b69a8596eac8857f561c2aded2fda7694913b699c134dda15f797

(this sample)

Link

https://www.vmray.com/analyses/555389db97e9/report/files.html

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/49236/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample