MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
NetWire
Vendor detections: 3
| SHA256 hash: | a0d38e74310877d9ee7a4d0e75e25272adb25199527d19bc08c0f1ebb21f9ce6 |
|---|---|
| SHA3-384 hash: | ecc7217fabc0894561b2f0cc11a6392b7779469688aa732090d10f0b3c5afad1aebb16e6fb4267a6216f2c764e8ce564 |
| SHA1 hash: | c2c4d28c4dd5a2e7c324d5bd20d32da715948b15 |
| MD5 hash: | 87499534d2612954a4c6574dc96bf336 |
| humanhash: | california-hydrogen-high-angel |
| File name: | c59a66e31501eee2b1eb5055e03c047f.exe |
| Download: | download sample |
| Signature | NetWire |
| File size: | 171'520 bytes |
| First seen: | 2020-04-06 02:10:18 UTC |
| Last seen: | 2020-04-06 10:00:10 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| ssdeep | 3072:0JLOBWPehFPLueYPttnpDLDpUSlVmN1T0+73qZdUkKtV:MeLrYV3DLDeSlQNd73qZTKtV |
| Threatray | 2'254 similar samples on MalwareBazaar |
| TLSH | 2CF3BF32DA41C471E2B241B1FA7D0B7B883D4D35329861E6E7B126E06EF44A5B52E31F |
| Reporter |  abuse_ch |
| Tags: | exe GuLoader NetWire |
abuse_ch
Payload dropped by GuLoader from the following URL:https://drive.google.com/uc?export=download&id=1RvY32zw0we8fXiSK7B7CGbshU7aIO4ON
Intelligence
File Origin
# of uploads :
2
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Formbook
Status:
Malicious
First seen:
2020-04-06 02:35:21 UTC
File Type:
PE (Exe)
AV detection:
42 of 47 (89.36%)
Threat level:
5/5
Verdict:
malicious
Label(s):
netwirerc
Similar samples:
+ 2'244 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
f1d75862bf0f19235eb2a4846307f23bd531ad61d6f389e09299384fd5320939
Dropped by
MD5 c59a66e31501eee2b1eb5055e03c047f
Dropped by
MD5 297644fb7a6aeb4896fab0ad401a5d1a
Dropped by
GuLoader
Dropped by
SHA256 f1d75862bf0f19235eb2a4846307f23bd531ad61d6f389e09299384fd5320939
Dropped by
SHA256 0046a9898730e038ffa4e71e86b185a63217ac74caebbe9bd33e1f93d3a11bb2
BLint
The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.
Findings
| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high |
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.