MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5cf88fd0b092517f27703199fab5cea2a4adc40a01f3c20c2f914f3122e42e1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 5



SHA256 hash: 5cf88fd0b092517f27703199fab5cea2a4adc40a01f3c20c2f914f3122e42e1d
SHA3-384 hash: 671cac40760c2cf42bdbac3a98ff633d3b4fb74526d7bb0a8baf767d3eca96ac802c6201e3099988817ad982cd7cda2f
SHA1 hash: 3203bbc73c7dce2f2ae212069e5668f429214e37
MD5 hash: 3a58c86e53478eaf6f7816f02a746f14
humanhash: winter-tennis-xray-double
File name: 3a58c86e53478eaf6f7816f02a746f14.exe
Signature: NetWire
File size: 138'643 bytes
First seen: 2021-04-19 12:00:13 UTC
Last seen: 2021-04-19 12:49:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 3072:jedCvCXCHOVQ52IS3bZ7eyMciJCZT6B+3x/dY:3OVIS3FigpZ2c/+
TLSH: 16D3CF526BF80E21E06A0AB01FF696754B73FC758B13CA4B21853B1D0E53E859C92F76
Reporter: abuse_ch
Tags: exe NetWire RAT

Intelligence


File Origin
# of uploads: 2
# of downloads: 371
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 3a58c86e53478eaf6f7816f02a746f14.exe
Verdict: No threats detected
Analysis date: 2021-04-19 12:14:17 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetWire

Executable exe 5cf88fd0b092517f27703199fab5cea2a4adc40a01f3c20c2f914f3122e42e1d

(this sample)

  
Delivery method
Distributed via web download

Comments



a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-04-19 13:31:12 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0026.002] Data Micro-objective::XOR::Encode Data