MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b9a1aa88be62eb638af26146fce0a1b71aec646d2495fb350dd6d56997e7582. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 1 File information 4 Yara 1 Comments

SHA256 hash: 7b9a1aa88be62eb638af26146fce0a1b71aec646d2495fb350dd6d56997e7582
SHA3-384 hash: bc1e18ed7e200c145bab53198f49db013e1ef1e1f23b1eddd4819614da5671285b153980cd5ae9e4343d613aaa3b2a46
SHA1 hash: 517710e731f08d0301c3f132d79793f3587a7452
MD5 hash: 723e38f58e65b8b7d46131511173e561
humanhash: oranges-beryllium-cola-oranges
File name:723e38f58e65b8b7d46131511173e561.exe
Download: download sample
Signature NetWire
File size:696'320 bytes
First seen:2020-06-30 13:11:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3dbf6c2cd2886e109ef90dcce86638b7
ssdeep 12288:Fe7+LHvP79bjBoxHyzKXAzgqGD4KdCIJuxd6Ur5IScz5ISF+gAuA1KzqrRUyqqjz:Qq779bjBoAzKXAPC4JYX/ebP22cjc
TLSH 56E4CF21B7D0953BDD5B1BB48C0F6AA86C267D902E99584F3AF80CCE6B7D361342D153
Reporter @abuse_ch
Tags:exe NetWire RAT

Intelligence


Mail intelligence No data
# of uploads 1
# of downloads 28
Origin country US US
CAPE Sandbox Detection:n/a
Link: https://www.capesandbox.com/analysis/17198/
ClamAV PUA.Win.Adware.Slugin-6803969-0
PUA.Win.Adware.Slugin-6840354-0
CERT.PL MWDB Detection:n/a
Link: https://mwdb.cert.pl/sample/7b9a1aa88be62eb638af26146fce0a1b71aec646d2495fb350dd6d56997e7582/
ReversingLabs :Status:Malicious
Threat name:Win32.Trojan.Noon
First seen:2020-06-30 13:13:05 UTC
AV detection:17 of 31 (54.84%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   10/10
Malware Family:netwire
Link: https://tria.ge/reports/200630-cf89mf1haj/
Tags:rat persistence botnet stealer family:netwire
VirusTotal:Virustotal results 12.50%

Yara Signatures


Rule name:win_netwire_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetWire

Executable exe 7b9a1aa88be62eb638af26146fce0a1b71aec646d2495fb350dd6d56997e7582

(this sample)

  
Delivery method
Distributed via web download

Comments