MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34cedb568c833efef91d94869b50b0d0b41f51e9dd882f9c2602f14f391b15aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34cedb568c833efef91d94869b50b0d0b41f51e9dd882f9c2602f14f391b15aa
SHA3-384 hash: 48ee75bc7a1591892cb16095454a5cc9e6dd737bbe4a19a1794645609605f3bf80b61246b9a6663bb7bfecdd9f4f0b4e
SHA1 hash: 92f5fe49d4c00496ef1e147fbb5e448cb70832cf
MD5 hash: 34a4e2f4f33c353edff612c9559e0ff8
humanhash: red-high-william-april
File name:STATEMENT OF ACCOUNTS2020.exe
Download: download sample
Signature NetWire
Create hunting rule
File size:1'314'816 bytes
First seen:2020-10-08 13:32:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash afcdf79be1557326c854b6e20cb900a7 (1'102 x FormBook, 936 x AgentTesla, 399 x RemcosRAT)
ssdeep 24576:NAHnh+eWsN3skA4RV1Hom2KXMmHaJJpsbfMpg2r3aOKhDNTdz5:sh+ZkldoPK8YaJJpsb+3aOgpTX
Threatray 534 similar samples on MalwareBazaar
TLSH 8355BE0273D1C036FFABA2739B6AF64156BD79254133852F13981DB9BC701B2263E663
Reporter James_inthe_box
Tags:exe NetWire

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69274/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file
Launching a process
Enabling autorun by creating a file
Unauthorized injection to a system process
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/485550
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
AutoIt script contains suspicious strings
Binary is likely a compiled AutoIt script file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34cedb568c833efef91d94869b50b0d0b41f51e9dd882f9c2602f14f391b15aa/
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 13:31:33 UTC
File Type:
PE (Exe)
Extracted files:
26
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gthnwvumqm7p56i5ssdjwufq2c2b6upj3wec7hbgalyu6oi3cwva._file
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
0282b710d24b3d098017e3231c93e1b46bf8586a6e0cc83ec76f2a1d710c6813
NetWire
06e0e3da562a627b84f328a76d70b62326e2b5a82fd28bf943b6d3dfd1f26cb7
NetWire
07bea1f0f5a11fdada688ba215ee670c1a77d2f05b0e1125edaee37e66a0819c
NetWire
37dd9ac0253be5eb6036877963ff457db90932e34d9bbd2c18852bf8bfd873c2
NetWire
48b1f899e7ad8d880a6bf9d97ada6507c4403c8d8e81815f83fb8181ca247008
NetWire
9c5315409c9ccb1e74195e244a17531781b973f9f489743602c18aaf5a22e7fb
NetWire
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
NetWire
a63dfd81e0eb6283bc0051a3c1f80ba0eb818d132aafe5e6a1cc3cd63a3433ff
NetWire
d76bb689a401094eee47a075368224161d261665c2b285b155d1b7833ba4fbaa
NetWire
e897888dd36ab2a5740030d628f510ef0563d9d039e896b45134a4a5c4a82bb7
NetWire
+ 524 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201008-bxykj7qmve/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops startup file
Unpacked files
SH256 hash:
34cedb568c833efef91d94869b50b0d0b41f51e9dd882f9c2602f14f391b15aa
MD5 hash:
34a4e2f4f33c353edff612c9559e0ff8
SHA1 hash:
92f5fe49d4c00496ef1e147fbb5e448cb70832cf
Link:
https://www.unpac.me/results/64481325-16e7-4b4b-83ae-4ba9ac172903/
SH256 hash:
2c6538b2529728b3b5511dc6145e13c4825aae97a354d1d275e3169b05528563
MD5 hash:
1be5173ceab9b7b97a7f883e3fbd8c2b
SHA1 hash:
2cc536c51f7dc657b1c053fa83f3813e6a5c4d54
Link:
https://www.unpac.me/results/64481325-16e7-4b4b-83ae-4ba9ac172903/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/34cedb568c833efef91d94869b50b0d0b41f51e9dd882f9c2602f14f391b15aa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/69274/

Comments