MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdb81c63c05c1850a79a3441001e9f007fea5851a06090da724c8fe924204e93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: cdb81c63c05c1850a79a3441001e9f007fea5851a06090da724c8fe924204e93
SHA3-384 hash: 69da097ce54af24118344855f6e46419872cca45a19bc457cc98f925ee8b84e96384b543c9f83db0fe78448aa1e7a078
SHA1 hash: e0d2116b60b1244b66ce308b6298f276abdc11cf
MD5 hash: b5e5f010307dc8786b20e0ee1bbc969e
humanhash: thirteen-sixteen-black-maine
File name: 01_extracted.exe
Signature: NetWire
File size: 1'216'512 bytes
First seen: 2020-06-22 18:41:09 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: afcdf79be1557326c854b6e20cb900a7
ssdeep: 24576:wAHnh+eWsN3skA4RV1Hom2KXMmHaVUD712rCEcMKQbY5:nh+ZkldoPK8YaVe13EhPS
TLSH: 5245BE0273D1C036FFABA2739B6AF64156BC79254123852F13981DB9BD701B2263E763
Reporter: @Racco42
Tags: exe NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: US
Mail intelligence: No data

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-22 18:43:04 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: netwire
Score: 10/10
Tags: rat botnet stealer family:netwire
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Drops startup file
NetWire RAT payload
Netwire

Yara Signatures


Rule name: win_netwire_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
