netwire | 60d234d54c25dcef19a64ded3a587072 | Triage

Sharing

General

Target

60d234d54c25dcef19a64ded3a587072
Size

160KB
MD5

60d234d54c25dcef19a64ded3a587072
SHA1

7209018f3e29225363f92f7e04e35ca7001dcf39
SHA256

4f10d7a2e964aa6c91e4b2da80fe82f8a566ca8a541592a4789b48f4dba11581
SHA512

a67d5a511809d0bbff7d8a327fc63e47713bb0928488028441f41dbbc75c5b759607af437b7617446e730debabc427aaf5f1b945c715e3e454d17811be921674

Score

10^/10

rat netwire

Malware Config

Extracted

Family

netwire

C2

127.0.0.1:3360

66.42.43.177:443

Attributes

activex_autorun
false
activex_key
copy_executable
true
delete_original
false
host_id
HostId-%Rand%
install_path
C:\Windows\System32\spool\drivers\color
keylogger_dir
lock_executable
false
mutex
offline_keylogger
false
password
Password
registry_autorun
true
startup_name
sysWOW32
use_mutex
false

Signatures

NetWire RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample netwire
Netwire family
netwire

Files

60d234d54c25dcef19a64ded3a587072
.exe windows x86