MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e1f4d1179a5aceeb71f0e122d2e48fdfcd76e0c4e92475bb54dff0d8f5edf59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information 2 Yara 7 Comments

SHA256 hash: 9e1f4d1179a5aceeb71f0e122d2e48fdfcd76e0c4e92475bb54dff0d8f5edf59
SHA1 hash: ff14455ea77cbf04780b75056110ae8b4aba6546
MD5 hash: 5ccf7132bcb31bcf3c8b40aada170b82
File name:5ccf7132bcb31bcf3c8b40aada170b82.exe
Download: download sample
Signature NetWire
File size:110'592 bytes
First seen:2020-05-23 15:34:08 UTC
Last seen:2020-05-23 15:46:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f7ba173974ed1b72d43da3a889d06d1b
ssdeep 1536:B4xZO08TvYzKt6IfL82VclnLDBuCGLiS09DE7v8SAsY:BrFnnctDS50P
TLSH 0FB30963B5D98CF1EE340F704A35EAA73D2BAC2519508F07B089BB8D15372CE687265D
Reporter @abuse_ch
Tags:exe NetWire RAT


Mail intelligence No data
# of uploads 2
# of downloads 31
Origin country FR FR
VirusTotal:Virustotal results 20.83%

Yara Signatures

Rule name:Malicious_BAT_Strings
Author:Florian Roth
Description:Detects a string also used in Netwire RAT auxilliary
Rule name:MAL_unspecified_Jan18_1
Author:Florian Roth
Description:Detects unspecified malware sample
Reference:Internal Research
Rule name:masslogger_gcch
Rule name:netwire
Author:JPCERT/CC Incident Response Group
Description:detect netwire in memory
Reference:internal research
Rule name:Suspicious_BAT_Strings
Author:Florian Roth
Description:Detects a string also used in Netwire RAT auxilliary
Rule name:win_asyncrat_j1
Author:Johannes Bader @viql
Description:detects AsyncRAT
Rule name:win_netwire_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 9e1f4d1179a5aceeb71f0e122d2e48fdfcd76e0c4e92475bb54dff0d8f5edf59

(this sample)

Delivery method
Distributed via web download