MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d373131b0d3254d72f1a06ea168267376b8cc8f805daa53963db5f051631967. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d373131b0d3254d72f1a06ea168267376b8cc8f805daa53963db5f051631967
SHA3-384 hash: e748c2531d9201242341365d44ab89389a2434ee8b5f86f753dcf6209271816257dede11fab69059b019ba06296e4c9e
SHA1 hash: 203d5a5fe71d2d733d9cf9204aeb7e9661410a5a
MD5 hash: 343c3b31aa339ce68e8f7a9454e27e07
humanhash: kilo-speaker-oven-ohio
File name:SecuriteInfo.com.Gen.NN.ZevbaCO.34104.em0@aeJR4Lki.4816
Download: download sample
Signature NetWire
Create hunting rule
File size:65'536 bytes
First seen:2020-03-25 21:49:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash eddb150d015ad5cd49314c438b67f5da (1 x NetWire)
ssdeep 768:z5QKJqlmWzUIfymfeHpRrlZYw+JKl/6d9k0f3g7Jqp5Q:SwWoqyIIlzqKMd9FgY
Threatray 1'134 similar samples on MalwareBazaar
TLSH 90530B11D6B8BCECF8788571CC465B14C7B2EF3595B51EDB78C5BC0929306D628CA38A
Reporter SecuriteInfoCom
Tags:NetWire

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.NN.ZevbaCO.34104.em0@aeJR4Lki.4816.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-03-25 18:15:19 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
22 of 30 (73.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ju3tcmnq2msu24xrubxkc2bgon3lrtepqbo2uu4whw27aulddftq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
36d234ce270e0a44671666a82d6ea92d896f7c2516a25b8121ccdf3502977cb0
NetWire
5f6d61aae72e86026b0e65e4a499d82a77c4069e0463fb8c9b0697cae522fdb9
NetWire
77168234eb706333e4835666a00a8fd8e110959660c97e5c5528ed3a3d0f5081
NetWire
78f2c94c64775acc935a40cf63103e04ed2ace67a20e8eb533f4a3c2f40d2fe9
NetWire
8f4147785131b1c4e30710abb80aa3184ce0d070a0bf557a633a8a0eb8d1a77b
NetWire
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
NetWire
b957ef817c366f048f64e10b916eb33113a58511a7aaa74212c93e080ed1af64
NetWire
bb8016149b1cfa77fa6614decb51d21b20385e2749f1b667ad0d51615c9baf05
NetWire
d6330004986cb2968200bad58cb3f1135e2383d9bdf6894feff0f28f952f4c2b
NetWire
f842179b4979090b6435dcc7ae0ffb46d42899fd4a1926c11fadd7e39ca5f505
NetWire
+ 1'124 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetWire

Executable exe 4d373131b0d3254d72f1a06ea168267376b8cc8f805daa53963db5f051631967

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/329975/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments