MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904
SHA3-384 hash: 89f3111af4b675c3c607ac38ef8461a3f101aa28a180e1c21ffbf6d5767eaef33dadc8d1675ed6f332fb74958d0bd125
SHA1 hash: 734807ef7b402219ab1badb5d5c1804639a465f9
MD5 hash: 809ff867d2cfe803ef4ae4102283b45c
humanhash: six-winner-football-cardinal
File name:MicroScMgmt.bin
Download: download sample
Signature NetWire
Create hunting rule
File size:106'552 bytes
First seen:2020-07-06 07:41:14 UTC
Last seen:2020-08-29 08:17:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 75b883fc692473a6eb7f309e3f1a432d (1 x NetWire)
ssdeep 1536:F8hbftGz+wdIvO9c2tCTbol9xWH/sGqu38sIXQ+l3molT/sYs2z2kfesZ3Q+w3OS:Focx/c2ETbOGs7ucQa3ZisdQ+w3+Mmlg
Threatray 90 similar samples on MalwareBazaar
TLSH E5A3AE4BFA4FE5F1E657553080E7EA3B4539A831C03BED67FF4A8B68A8325415C1821A
Reporter JAMESWT_WT
Tags:NetWire

Code Signing Certificate

Organisation:Accelerate Technologies Ltd
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Mar 7 00:00:00 2020 GMT
Valid to:Mar 4 23:59:59 2021 GMT
Serial number: B3F906E5E6B2CF61C5E51BE79B4E8777
Intelligence: 35 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 2B48363D587B11F2726D343E0ED1D76A2E4ADBC4A383C30CDAE41ADE0006B224
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
4
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
PUA.Win.Downloader.Driverpack-6717506-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dfe18346db405af2484064e80b5c0124bc80ca84d39b90e1aa5d5592c479a904/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-07-05 00:59:00 UTC
File Type:
PE (Exe)
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
07bea1f0f5a11fdada688ba215ee670c1a77d2f05b0e1125edaee37e66a0819c
NetWire
37dd9ac0253be5eb6036877963ff457db90932e34d9bbd2c18852bf8bfd873c2
NetWire
871e90a64852a59a33ae1e9cf32b09dc97d37edd27ac6478d51ca20363ad0529
NetWire
a2976291bd9d3b613e6a026e9edb9f6ea1385d64429289443a6df08764b29464
NetWire
a6009a6b0724811f3bb71fc6f0c6b3b1aad71448948175949c7eb8af82034e91
NetWire
a63dfd81e0eb6283bc0051a3c1f80ba0eb818d132aafe5e6a1cc3cd63a3433ff
NetWire
c224d671ef8ea5bfdc03b9a33d7ae043827b83c2ddc96e7ce128efb36f26fb9e
NetWire
c23b098a627d1c8449fad6756007c3b2a7ae20c3e70c74bbe4154c8b1651c84e
NetWire
cc8867a5fd62b82e817afc405807f88716960af5744040999b619b126a9ecf57
NetWire
eb638769c780ac51f18d725025755c04acb90936ef9601137bf9fcaab8b47626
NetWire
+ 80 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200706-vccnsxdrds/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/ShadowChasing1/status/1280024110249046019?s=20
Cape
Cape
https://www.capesandbox.com/analysis/21327/

Comments