MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetWire

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e
SHA3-384 hash:	0113b746ed3faa2bb83b66436cfef398b121ffede780984ab82aa0bd43c695c3fa0a6bfb247c315a9d9d61cab827ec15
SHA1 hash:	b771f36c5b3d98ce46c4d9645db97b406225fd8e
MD5 hash:	01c888ad7d2b9a0a7a14c1e6a05b6e02
humanhash:	batman-music-stream-cat
File name:	850b5159f0e7dbdfbf3d36b468fe61a0.exe
Download:	download sample
Signature	NetWire Create hunting rule
File size:	172'032 bytes
First seen:	2020-04-01 11:40:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	3072:0XFfLPJEzRgxr75puRWUoDMC6oqLHCzNJ+HdmFmMzOWwa:ClEC7fvDMCsizNJ+HkFhzONa
Threatray	4'988 similar samples on MalwareBazaar
TLSH	4CF3AF32D951C031E2B241F5F67D0BBB883E4E34729594E6E7E12AE06EB04A5F52931F
Reporter	abuse_ch
Tags:	exe GuLoader NetWire

abuse_ch

Payload dropped by GuLoader from the following URL:
https://feelgreatnow.co/dpp28FA0.bin

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PWS.Banker1.29984.UNOFFICIAL

Win.Malware.Formbook-7399661-0

Gathering data

Threat name:

Win32.Trojan.Formbook

Status:

Malicious

First seen:

2020-04-01 12:35:44 UTC

AV detection:

29 of 30 (96.67%)

Threat level:

5/5

Verdict:

malicious

Label(s):

netwirerc

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

803072652f9961162ece0c50fd46ccc98f965fe30b138a86558219052a95b729

NetWire

exe 322427854deccec94e7331e8d3faa9f2701289b8e2faac322889c5b04d6b8f5e

(this sample)

Dropped by

MD5 850b5159f0e7dbdfbf3d36b468fe61a0

Dropped by

MD5 78f14110dbdf1a912a0428dc5a0bff03

Dropped by

GuLoader

Dropped by

SHA256 803072652f9961162ece0c50fd46ccc98f965fe30b138a86558219052a95b729

Dropped by

SHA256 2785c90e8f4d0d0740cdb2a9d19af571edce3ea01e7c7902a98b871aaa126e6f

URLhaus

https://urlhaus.abuse.ch/url/333241/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample