MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3cd60335878e796958d872052606a0988bc14d3dff32d1241357364070007450. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3cd60335878e796958d872052606a0988bc14d3dff32d1241357364070007450
SHA3-384 hash: be3a9e815ce711233fe08503f73f3adacb055a06f22f72b6e775a625ead38106ab2036f294d63fa843722cac1e58388c
SHA1 hash: 427397e44d8277c60a1258753add5a73796a94b1
MD5 hash: 505696b0c6115b2dc8a33c40e857926e
humanhash: sierra-violet-alanine-iowa
File name:505696b0c6115b2dc8a33c40e857926e.exe
Download: download sample
Signature NetWire
Create hunting rule
File size:81'920 bytes
First seen:2020-06-06 19:33:23 UTC
Last seen:2020-06-06 20:50:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9b7580118a2a0fda520ee77b676d3b8b (1 x NetWire)
ssdeep 1536:5RDrdLtwwyCkQ0IowDwvluCBMsEsjoil4n:jrdhiCn0I1ELMj
Threatray 1'003 similar samples on MalwareBazaar
TLSH 6E839D03BE19C851C1694EB03D739A942B37BC1958409E4F35486F9EFC75393A9E632E
Reporter abuse_ch
Tags:exe NetWire RAT

Intelligence

File Origin
# of uploads :
2
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Injector.EMHJ.3306.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 19:35:04 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=htlagnmhrz4wswgyoicsmbvatcf4ctj574zncjatk43ea4aaoria._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
5823c7447f2b98179ff86e2492855d785581f99902fa0eb6d24703500ac5b123
NetWire
7ae58eeb4ed1bd534122941fa3bb1c2971a982497566757b7a4b062c2756745d
NetWire
969de2cb08c2fcfd7217a8ec8dc5a68a88e69ddc1dac9d4db06a0ed4aa3dfcf1
NetWire
9c0d3c463792d704909de3a04cd7a6d31f8094301e8e24950af31cdc5e9f2838
NetWire
b13c91ec09a119b6a1bfbbe0efc0576b84c56d6dbfa21ff946594b677bddfa68
NetWire
d791e15ea0a026117e34f758aca1d94dc25e38ff1a0a0419a10b211a58d6b6f1
NetWire
db052c2e2b43f63cf5196975c6ff7e21ef9481e6316f655cbe246650e636ccec
NetWire
e1f9e09156ca969a490892994d53114384917b6a7ea25edcd87c06c9249d1f2d
NetWire
fbec74e89895d0de9b043cecef65c5accf0224ce527caad70a016d74322e5ac9
NetWire
fea29955349c7f4aaf2ea1e18e1d366a643e2ed98706b168a909e45b633b4f10
NetWire
+ 993 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-kk7rq82tm2/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetWire

Executable exe 3cd60335878e796958d872052606a0988bc14d3dff32d1241357364070007450

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/376168/
  
Delivery method
Distributed via web download

Comments