MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00a0100d050d944a9ffcec6964dd2b4f04e19a7e86ef5e03444824db2ca602b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 3



SHA256 hash: 00a0100d050d944a9ffcec6964dd2b4f04e19a7e86ef5e03444824db2ca602b2
SHA3-384 hash: f47f43a52051d96805fb48e1babf2e29c271715be1f8d553c8eccffe22d43e69f63f1b0024bbaa8b6d56ac52acbf9964
SHA1 hash: 75404764b79543d4f4026ec74b076800403c807a
MD5 hash: 186664ffccfff1dbde518378a4a05c3c
humanhash: johnny-eight-double-sixteen
File name: home.exe
Signature: NetWire
File size: 43'008 bytes
First seen: 2020-04-27 19:18:38 UTC
Last seen: 2020-04-27 19:45:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'748 x AgentTesla, 19'646 x Formbook, 12'245 x SnakeKeylogger)
ssdeep: 768:yrlUrMOHqjI38v5BjbonXt1wNLBK6VrBzYcHeUZ:yrGFEDj8XtyNLU6VrQU
Threatray: 327 similar samples on MalwareBazaar
TLSH: 7E13821362DE3EA4E0794AB03B7B5BD1C36DDE110713D62E69E8311AEA3E1477A423D4
Reporter: JoulK
Tags: NetWire

Intelligence


File Origin
# of uploads: 2
# of downloads: 97
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-04-27 07:36:21 UTC
File Type: PE (.Net Exe)
Extracted files: 15
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a Binary Linter that checks the security properties and capabilities of executables.

Findings

ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
