MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b5be721b01afba707b56c346bc64a246cfd8b0cf06ce89ea290cfd748f1b577. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	1b5be721b01afba707b56c346bc64a246cfd8b0cf06ce89ea290cfd748f1b577
SHA3-384 hash:	d6155f7de51b2dee2472498ad11ef9a7104f3908d7c40b91df318ab5c36fcf738ed27c6185b460b9146d05d2d5f63a7b
SHA1 hash:	095af7936ac7d063decbd465cd88efdd4bc81ad9
MD5 hash:	d1a686530de3dfb3dc88fb62ce966414
humanhash:	kentucky-cold-yankee-fruit
File name:	utasarmsinc.ru_live__dew.exe
Download:	download sample
Signature	NetWire Create hunting rule
File size:	569'344 bytes
First seen:	2020-03-18 19:23:43 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1a9b2c2d28aa9300ed1b2cbdd4991b6b (1 x NetWire)
ssdeep	6144:h94fOTC5950SMckJUZF1oqpud/euqSD37LgEUqT5Lz1t+ApxOH0Imv7N5ij:hiYC5jBMhUZF1nudeXc37cwzjB0j
Threatray	4'680 similar samples on MalwareBazaar
TLSH	E7C4037CE07D85A5F99D50373AA0CFB616D31F68807207D07C3E7A9692B361E9C9CA06
Reporter	ov3rflow1
Tags:	exe NetWire

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Inject4.CAWV.9821.10066.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2018-03-18 17:30:00 UTC

AV detection:

28 of 30 (93.33%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1b5be721b01afba707b56c346bc64a246cfd8b0cf06ce89ea290cfd748f1b577

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/224/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaErrorOverflow

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample