MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cafd9b602e666abf81ea94c48663a8a1ebbf06746ed799be5184ecb748ae304. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 7



SHA256 hash: 8cafd9b602e666abf81ea94c48663a8a1ebbf06746ed799be5184ecb748ae304
SHA3-384 hash: 95e3a8626081e1cadc4fc438f5f22b5d8405ee7af725600d3afbe453b34fc057ef93d86e98b897494a6ff9f13954521e
SHA1 hash: d635e6759c2e2ca7d943eb8def1ee4e5f384edec
MD5 hash: 9811724ebffc593b09431ae46a1f57df
humanhash: ink-nitrogen-lithium-idaho
File name: RFQ PO19801.exe
Signature: NetWire
File size: 868'352 bytes
First seen: 2020-09-04 13:27:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep: 12288:FlGhrebaTmx+roSDp37ow2lwSLeDz5FDdAA:FlmyaCE137owtSLo5rA
TLSH: 0B05D871B6C354B5DC2705308079FADB72227608B964CE2EF9D32F0AAE1375B271794A
Reporter: James_inthe_box
Tags: exe NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 289
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Sending a UDP request
Creating a window
Creating a file in the %temp% directory
Creating a file
Changing a file
Threat name: ByteCode-MSIL.Trojan.NetWiredRc
Status: Malicious
First seen: 2020-09-04 02:12:06 UTC
File Type: PE (.Net Exe)
Extracted files: 13
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: netwire
Score: 10/10
Tags: rat family:netwire
Behaviour
NetWire RAT payload
Netwire family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
