MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae6f078b6a993e8bd82b0ac786409354d9695661b55822d04d31ef8277749e72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae6f078b6a993e8bd82b0ac786409354d9695661b55822d04d31ef8277749e72
SHA3-384 hash: 732bee7022cd96f9a58667682aec419b92594aee54d6072e047d01b4ac33a75ef52d815538c9a59a42f84a8ff0591e4d
SHA1 hash: dae3c8a76ed76ff4ffa40d317efcdf0b765fe104
MD5 hash: 96a3b8a2bd228e0cd79fbd11be5918e5
humanhash: asparagus-enemy-neptune-zebra
File name:Scan.exe
Download: download sample
Signature NetWire
Create hunting rule
File size:41'472 bytes
First seen:2020-04-30 14:23:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 768:k77XAmkXuZhCxC6bIuE2VCPE+49h9m+RR9zYcHeUZ:k77XZ2BtOE+49rFcU
Threatray 382 similar samples on MalwareBazaar
TLSH 9C13721762ED7EE5E4750AB13BB767C1C729DE011703E61E69E82219EA3F1437A423C8
Reporter James_inthe_box
Tags:exe NetWire

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Rdn
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 08:15:35 UTC
File Type:
PE (.Net Exe)
Extracted files:
15
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
00a0100d050d944a9ffcec6964dd2b4f04e19a7e86ef5e03444824db2ca602b2
NetWire
0908ec548031faf4a16f0a77c9ebcb4a2706af574ea6e5af3561b4effb5218c4
NetWire
19ca70210efcd08d6a96909cebb3e8cdfc941456e07893122730e5c5b344b294
NetWire
423c069531aaf4e8b3208735fd9d4b95d3f482090460ef3702ed65a515375cee
NetWire
4e53bd81fd15220f8be50f3504bbcef5ce662c8ecd938b35a093883090fe0af2
NetWire
4f4fea6db2461b86970c7767a543c4e054ebaa81d174ad3f668e8652e6b93f30
NetWire
a189cf37a0134b34b5f3bea733946be125003319bccccc9cfcff9d8367506010
NetWire
ac96933a868de80a511a0e06c85e52e5bc32f88152d2b83759f7038a03530887
NetWire
c30b857aad842eb28dc5bb3588c59c15e95c5242fed5fe81f34181813122261c
NetWire
e4bb158234319609a3d891e08f7ae6d6deee7fac7138639a8954dae5f281eea8
NetWire
+ 372 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments