MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7af7b083ccaf83c1b1b4c7083b4c121472846f1b7343a0a83c883a8561fc62dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 4



SHA256 hash: 7af7b083ccaf83c1b1b4c7083b4c121472846f1b7343a0a83c883a8561fc62dc
SHA3-384 hash: 9abdd42f274a4b7a8af80ba00b79d6fdee628a058a8a37505f90e12e353531b96a2982196ab4b4e1458bc5305ec89d6c
SHA1 hash: f0a6ed4ef9576aaa3a19d067fddab7807b3a9bd7
MD5 hash: 96d38bc4a675ab2505806d9ea4df6bea
humanhash: november-robin-robert-cola
File name: Fiche de Poste.scr
Signature: NetWire
File size: 465'920 bytes
First seen: 2020-05-11 20:37:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e63ba35b0624acab11f4d58874178dd7 (1 x NetWire)
ssdeep: 1536:3ZECjLuqs43N7b3U9OKEpH8bgtuON1npxmUbLiKonmV0xvlptTlKv:LJjZ1eaatptTy
Threatray: 696 similar samples on MalwareBazaar
TLSH: 53A481017AA4EC6EC4C97976CF60F2AECB62AC75587098337388774D0F729429D2426F
Reporter: c_APT_ure
Tags: NetWire

Code Signing Certificate

Organisation: DigiCert SHA2 Assured ID Code Signing CA
Issuer: DigiCert Assured ID Root CA
Algorithm: sha256WithRSAEncryption
Valid from: Oct 22 12:00:00 2013 GMT
Valid to: Oct 22 12:00:00 2028 GMT
Serial number: 0409181B5FD5BB66755343B56F955008
Intelligence: 9 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: 51044706BD237B91B89B781337E6D62656C69F0FCFFBE8E43741367948127862
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-05 22:50:32 UTC
File Type: PE (Exe)
Extracted files: 12
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks QEMU agent state file
Loads dropped DLL
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
