MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 460aa0fd440b1acb5aa90b5667d4c387494f6622014e5d4115b1e3b6b080c5c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 460aa0fd440b1acb5aa90b5667d4c387494f6622014e5d4115b1e3b6b080c5c0
SHA3-384 hash: 6eb842e40ddf6970c41c2389b7b463ac98105e329e1c7efa1def5ab0a51783c5977b885a273c7ea0b453dd9201861b51
SHA1 hash: fec8cc9702d3c7bc3b79963185840a88fc9fa1ed
MD5 hash: 109fe927fe24d4ad74beeed3ec7f863f
humanhash: mobile-happy-bakerloo-shade
File name:payment_.exe
Download: download sample
Signature NetWire
Create hunting rule
File size:110'592 bytes
First seen:2020-04-15 16:39:10 UTC
Last seen:2020-04-27 23:11:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a6709369be66aca05e998679300e778f (1 x NetWire)
ssdeep 768:hBQo/xL2sOd1rCDLvHn5gLbhzzQ4aTg5gzHsO9EWc2kFNUrhK7i/xL2sOd1rCDLU:DQC2NCvRmhzJ5D/Urig2NCvRmhzJ5GQ
Threatray 378 similar samples on MalwareBazaar
TLSH CEB38D19F6ECFA32F8118E771A3AC19952207E729E4A1446F246734F6D315E7DA7030B
Reporter c_APT_ure
Tags:NetWire

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7513249-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-01-09 02:08:01 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
NetWire
443bc33e9d28fddd4229367cde23085b8d57549093ce8e991eb4753ce58c85fe
NetWire
4d0dfe01c27dfd2c35464a3f435cfb4cad6e996d6fc407cc8f10fc0b3d0692fe
NetWire
a3c44389aac31e62cd3267525d4cfebbd65c32fbaec918500b606d67b0ea62d8
NetWire
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
NetWire
c76654971c4af60511d3583a3bd00c673904569aa93973687e14e95b9e80de6f
NetWire
cf813a86d30ddd0c2ca59f73334fffd241bfd31eddfe30dc2e73d5b29ae752d1
NetWire
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
NetWire
ecbbdea89347df30a9575353b8886499a88d30f5606f60c922c62e4a56637c74
NetWire
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
NetWire
+ 368 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments