MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00d15a91a273ab4fdf52ca13e4578b313c138ecb9e66172915603f2c36591afb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara 1 Comments

SHA256 hash: 00d15a91a273ab4fdf52ca13e4578b313c138ecb9e66172915603f2c36591afb
SHA1 hash: bd3c97c9320afd1d9d10e497da6889829506008c
MD5 hash: 3ccd8de8b598074da16d63df518780dc
File name:3ccd8de8b598074da16d63df518780dc.exe
Download: download sample
Signature NetWire
File size:1'978'481 bytes
First seen:2020-05-22 13:55:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 59e9802827198ff4580d093a434c6983
ssdeep 6144:ySs5+6EIo/rBlI/Pj5R86sLSs5+6EIo/rBlI/Pj5c5U4yfHL7QU3BBd9/Pji5+65:yS4EI4yReS4EI4ygLyfIadUEI4bRF5Q
TLSH B19598A5E9BE0873DC8CC7B98BD7E83E75C4A1A331531D3AE9811589570ADD226F7032
Reporter @abuse_ch
Tags:exe NetWire RAT

NetWire RAT C2: (


Mail intelligence No data
# of uploads 1
# of downloads 29
Origin country FR FR
ClamAV Win.Dropper.Mansabo-6611665-0
VirusTotal:Virustotal results 78.57%

Yara Signatures

Rule name:win_ozone_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.