MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78f89259285048cf21d741635d4979fd3f9fbd16632cf5fd6467e71ac2fc4159. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: 78f89259285048cf21d741635d4979fd3f9fbd16632cf5fd6467e71ac2fc4159
SHA3-384 hash: ae363502f4f1b05986e653f6bd2fdff282ea2765b6aba2c4a240e7debfc47b5f8bb22d6aa5e7306ccc4d530811ab5620
SHA1 hash: 1f6cdd6d40b21b581df8e5a0e2d8fd19fd7649b2
MD5 hash: 927451540c5ee45ab38189de1df829d1
humanhash: purple-fillet-four-table
File name: asdf.EXE
Signature: NetWire
File size: 110'592 bytes
First seen: 2020-04-15 11:16:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash d29da944a6809447f9cf8593f7d66847 (1 x NetWire)
ssdeep 768:cfIWNhM5VRC5KB8AnSti2Ce6Jf+c9Bp4P5dyn0CCjuwLx7jD7L0YR:2tNhMC5KaESt1r64Aj4m0CCjb5ff
Threatray 248 similar samples on MalwareBazaar
TLSH EDB30622F484FDC1C8160A725AF1CEEC6510BE31AE96760734C53F1F39B61D4B6A6B86
Reporter srcr
Tags: exe NetWire Trojan.GuLoader.VB US


srcr
Sample Source: http://marksidfgs.ug/asdf.EXE (47.254.93.85) via VirusTotal via Hybrid Analysis

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-14 09:56:03 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef
