MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827
SHA3-384 hash: 129cd12d06d02635f1f8bc873caa6d8f1d949d7dd8a18222f4163b6cc97c003c74170a780de18b92cbb48cd96809fdcc
SHA1 hash: dd8b28a78383e3435487178509a18a21d1385d61
MD5 hash: c78124cbf501154c3322e594cb076e17
humanhash: eleven-orange-butter-high
File name: 23fd501c884e2f46d38af81b0d6e423ea0bff8c5eee615227806faf7b2833827
Signature: NetWire
File size: 1'229'824 bytes
First seen: 2020-06-17 08:58:58 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: afcdf79be1557326c854b6e20cb900a7
ssdeep: 24576:sAHnh+eWsN3skA4RV1Hom2KXMmHafdQi+5kLQoqlu4MKngD5:Lh+ZkldoPK8Yafd7+5kkoqg4tg
TLSH: 1F45BD0273D6D036FFAB92739B6AB20556BC7925013385EF13981DB9BD701B1263D2A3
Reporter: @JAMESWT_MHT
Tags: NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 26
Origin country: IT
Mail intelligence
No data
Vendor Threat Intelligence
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-06-16 01:12:27 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Result
Malware family: netwire
Score: 10/10
Tags: rat botnet stealer family:netwire
Behaviour
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetThreadContext
Drops startup file
NetWire RAT payload
Netwire

Yara Signatures


Rule name: win_netwire_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments