MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6262c14a5f6c845a95cab29a6e1e2a662d5df47499935c1f050d908ee01db90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetWire


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f6262c14a5f6c845a95cab29a6e1e2a662d5df47499935c1f050d908ee01db90
SHA3-384 hash: 229ed2952257a30459e31475377c45b05020721ba85bc47037e6ee23adb18a5b61ed3184171561e0ddc388db147e577d
SHA1 hash: 5c9ead920d60b5ea5f6ffb6837e7dca9441ea56f
MD5 hash: b16f29378b23bb9802f6564228b176a0
humanhash: early-lactose-asparagus-stream
File name:f6262c14a5f6c845a95cab29a6e1e2a662d5df47499935c1f050d908ee01db90
Download: download sample
Signature NetWire
Create hunting rule
File size:3'735'104 bytes
First seen:2020-06-18 06:28:16 UTC
Last seen:2020-06-18 07:45:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash e18e8e8cca2f709bf22e8515cdc46b3b (1 x NetWire)
ssdeep 49152:B33o6ws3RERQSE3i5IQ7m0vfd6dNEitKPxgvUvS4:BI+3X3OdWEiqgvU
Threatray 511 similar samples on MalwareBazaar
TLSH 65069D22B245543FD02B1B39097B7A68953FBB713A26C85B57F01D4C8F3A591393A38B
Reporter JAMESWT_WT
Tags:NetWire Parallax RAT signed

Code Signing Certificate

Organisation:Symantec Time Stamping Services CA - G2
Issuer:Thawte Timestamping CA
Algorithm:sha1WithRSAEncryption
Valid from:Dec 21 00:00:00 2012 GMT
Valid to:Dec 30 23:59:59 2020 GMT
Serial number: 7E93EBFB7CC64E59EA4B9A77D406FC3B
Intelligence: 85 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 0625FEE1A80D7B897A9712249C2F55FF391D6661DBD8B87F9BE6F252D88CED95
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19694/
Detection(s):
PUA.Win.Packer.BorlandCpp-9
Create hunting rule

PUA.Win.Adware.Dealply-6840263-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Ursu
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 09:42:15 UTC
File Type:
PE (Exe)
Extracted files:
25
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
Similar samples:
3434bb383c8dd721266f60e07820474205d70c5da9ebb465109ace7894567437
NetWire
480e69a305098701404ab144ae64f297e342ca265309dfb7105bbc944aa31cae
NetWire
5741d60ead4ec57c71e274d23d6a4550650e54edf7613a180de90749a0c651ca
NetWire
5b3cc30719578d96ef64e9341e00eedb05512ee9692b2eff924aabc54e7a16e4
NetWire
608ec84d6c6d1b552b0c77210475ead69a437d02cc688d60e798cf530c02897e
NetWire
797a9a105652922546340d44d623196f8f5d22410011156a710bdf4f239a3d40
NetWire
9105005851fbf7a7d757109cf697237c0766e6948c7d88089ac6cf25fe1e9b15
NetWire
d1d7d8270c7e5545ef984255a425c14f01379aec8cac34f74ebf4e01caf047ff
NetWire
e5b32b4bb73f9bf50a9e4e3236ea3bf54577675b46d98deb142d668e7ea1653a
NetWire
f83198c03626e0cd56156ebe79ac221f9a875aa32a3a1aa783aba69f1df1e604
NetWire
+ 501 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200624-fx9hwlcmjx/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/19694/

Comments