MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e216062353c8bafbbed3e1fa3cd7d154aae43eec2011234f4e20ceb578237f69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 6



SHA256 hash: e216062353c8bafbbed3e1fa3cd7d154aae43eec2011234f4e20ceb578237f69
SHA3-384 hash: 7071bad0ed1034cf5ab55a2064510e8267f7e1201a59e55ffa7dceaef86708e86ed89d8213ef297d087fac834fa1042e
SHA1 hash: 3419b9f1092d87c83eb9614e2812923cb742519a
MD5 hash: d993a407fdf84f56fa3d30a084bbc097
humanhash: asparagus-blue-september-hamper
File name: e216062353c8bafbbed3e1fa3cd7d154aae43eec2011234f4e20ceb578237f69
Signature: NetWire
File size: 638'640 bytes
First seen: 2020-07-06 06:44:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep: 12288:cquErHF6xC9D6DmR1J98w4oknqO2CyQfFCQQ5a76+ryxqpFo2nuNaewl/b4qtA:trl6kD68JmloLQfkI76++YpdnuYeMD4R
Threatray: 1'701 similar samples on MalwareBazaar
TLSH: CCD401437A97A10EDCEE46710C6598E40965FD211C38CAFBF690F73E6A31610EDA532E
Reporter: JAMESWT_WT
Tags: NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Creating a window
Creating a file
Enabling the 'hidden' option for recently created files
Unauthorized injection to a recently created process
DNS request
Enabling autorun
Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2020-06-30 19:13:00 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 30 of 31 (96.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
