MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5b32b4bb73f9bf50a9e4e3236ea3bf54577675b46d98deb142d668e7ea1653a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5b32b4bb73f9bf50a9e4e3236ea3bf54577675b46d98deb142d668e7ea1653a
SHA3-384 hash: 7e46369a5d9441618dddf5bf8174d18122a2a286ee9e1e2d6c3ef873f02fa517a62f9825b32b26c4ea27981385ff3e94
SHA1 hash: 288900ddc22b2697284b30588d799352698b5622
MD5 hash: c054d0ac422d023768f703b7bc4480dd
humanhash: spaghetti-wyoming-winter-fruit
File name:1757226951.bin
Download: download sample
Signature NetWire
Create hunting rule
File size:3'087'360 bytes
First seen:2020-06-12 10:58:08 UTC
Last seen:2020-06-12 11:59:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 93e524647cb3cfad6257015f5cad5f78 (1 x NetWire)
ssdeep 24576:IiEntoAJ5Nzfya/FcaKfjAT6VcN48MzHgG2cQRzcsG7atcxBESy28SqeUkBNnQwX:I7ntTJ6KEuNGxWSy2akBi4t4DUx7
Threatray 510 similar samples on MalwareBazaar
TLSH 45E57C32B745543FD46B0B35097BAAA4993FBB713A26894F97F0184C8FB55803D3A24B
Reporter JAMESWT_WT
Tags:NetWire

Intelligence

File Origin
# of uploads :
2
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10038/
Detection(s):
PUA.Win.Packer.BorlandCpp-9
Create hunting rule

PUA.Win.Packer.Exe-6
Create hunting rule

PUA.Win.Adware.Dealply-6840263-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Masson
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 17:01:41 UTC
File Type:
PE (Exe)
Extracted files:
25
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
1c1035301c27d73a161ca96f9732f5024eb924798ce95d76d274b751ff87aa2f
NetWire
3434bb383c8dd721266f60e07820474205d70c5da9ebb465109ace7894567437
NetWire
40d8ba1b4ae578829ce958a356395307e27eda0512bc78021ccb93e4b26134f7
NetWire
480e69a305098701404ab144ae64f297e342ca265309dfb7105bbc944aa31cae
NetWire
9105005851fbf7a7d757109cf697237c0766e6948c7d88089ac6cf25fe1e9b15
NetWire
b5f9a952c4009061a21147103fc6d762c60e070fc588cab92846fc1c29679715
NetWire
d1d7d8270c7e5545ef984255a425c14f01379aec8cac34f74ebf4e01caf047ff
NetWire
f6262c14a5f6c845a95cab29a6e1e2a662d5df47499935c1f050d908ee01db90
NetWire
f83198c03626e0cd56156ebe79ac221f9a875aa32a3a1aa783aba69f1df1e604
NetWire
ffd24bd48e21a03c0b7fc884a12bd22e88e8d56735d810fccb64e6e6ca27768d
NetWire
+ 500 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-3alq1wy9cn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
ServiceHost packer
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10038/

Comments