MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3212a19bbf13d1e8c9d6c80be5dedd5ce5d13acfd276d8a1c29370d500196bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e3212a19bbf13d1e8c9d6c80be5dedd5ce5d13acfd276d8a1c29370d500196bd
SHA3-384 hash: da3e630dccd1b1261aea6c41ef9ea547d36d4d433de0fb98fa48d73f5f169602efbf83489963d20852ca1982199cb234
SHA1 hash: 76bdf7826e4e95967765e251d3f55371c85b09f5
MD5 hash: 2de4dd4156d37af408a4c9fa51f25163
humanhash: neptune-chicken-bakerloo-lake
File name:utasarmsinc.ru_live__dew009.exe
Download: download sample
Signature NetWire
Create hunting rule
File size:569'344 bytes
First seen:2020-03-18 19:23:23 UTC
Last seen:2020-03-18 20:46:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f3d5331bde2089bbfd72136e096a3f16 (1 x NetWire)
ssdeep 6144:aRX4D45c6JhOzmPG69C5E8DGpOzUI4rqpU+FXSmogC5ij:TD4a6JIZ69CiYG8PIqpiwC0j
Threatray 4'657 similar samples on MalwareBazaar
TLSH 81C4F27CE67D6462F98DC13736DFC8B610E05C28502255C77EBE7A9A86B720E3D8C906
Reporter ov3rflow1
Tags:exe NetWire

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.PonyStealer.Im0@cuBlcBii.21571.12042.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Vbinject
Create hunting rule
Status:
Malicious
First seen:
2018-03-17 17:11:00 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
1b5be721b01afba707b56c346bc64a246cfd8b0cf06ce89ea290cfd748f1b577
NetWire
20e5edeac32212fe8dcc9e5ab6f872d7e647e5e78eb707f2e0704817e3c092e0
NetWire
2ea74bf397854358ce0363ce3176f0c0dc40ac0efb6f378422e2d72c8c078372
NetWire
2ff76dce8a2f9ea8d6904b9705447ff3fb45e77fa32a3f2c446f318b4aee2148
NetWire
455f9457f0b901603911b305f2fdab9186a395cf31e9aa8f3a29243a369a8f52
NetWire
8d703de189a2ba36e099a2276e2ba596d40c54c21eec779286667e8dd6c2e5b8
NetWire
99737bd60422defc150edf7e1ec863acd6d2e599e8139aa987b6b4c43ab18cec
NetWire
9efeacb28688b709ed2b817977d8ace64b4b4674f5540f282017c78a32755145
NetWire
9f10a3e22fd6722a29b863e9ab03a41234d3339414331bb074226dcc3195d610
NetWire
e89f7cbe30c473af31238429762b1d46ed174fefa8bf559198766fb1658905fd
NetWire
+ 4'647 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e3212a19bbf13d1e8c9d6c80be5dedd5ce5d13acfd276d8a1c29370d500196bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/228/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments