MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b1b5389e9953290c088469ae38ceb0c58899b90226fbc217012c965e523149c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 10



SHA256 hash: 9b1b5389e9953290c088469ae38ceb0c58899b90226fbc217012c965e523149c
SHA3-384 hash: bec6c5b94d8ff82ea008026caa1864c145f9b7943f1a595c1ec0a9fec8930d066e028623575647e29b46655662d67d1a
SHA1 hash: 4387192652abb6df1eebe4d4bb4907ad7c088bfe
MD5 hash: b0897c39242e422d48f13b9a64b4145c
humanhash: mars-burger-artist-magnesium
File name: 01_extracted.exe
Signature NetWire
File size: 436'736 bytes
First seen: 2020-07-24 21:20:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 4563c74acbd357d386b177e402b96ce4 (60 x NetWire)
ssdeep 12288:rK+Nr8MrYi/wqRsQRZgFMIQ3jGPkexKnslqcor:G+r8sYi/w4tz3yInslhO
Threatray 275 similar samples on MalwareBazaar
TLSH 4194BE08F99794F6FE0B4EB484A7F32F47B17A11C531DF4AEF042D81DA23A650609A6D
Reporter Racco42
Tags: exe NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 335
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Creating a window
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Threat name: NetWire
Detection: malicious
Classification: troj.spyw
Score: 72 / 100
Threat name: Win32.Backdoor.NetWired
Status: Malicious
First seen: 2020-07-24 21:22:07 UTC
AV detection: 44 of 48 (91.67%)
Threat level: 5/5
Result
Malware family: netwire
Score: 10/10
Tags: rat family:netwire
Behaviour
NetWire RAT payload
Netwire family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
