netwire | 715788fb520b3873db406fdf59521afa | Triage

Sharing

General

Target

715788fb520b3873db406fdf59521afa
Size

160KB
MD5

715788fb520b3873db406fdf59521afa
SHA1

096e3741fd8babb84d433fa9ccb866b4fe0435e3
SHA256

dbe60153ede523dc838e9289aa0b43c5022c182b85396381b96b5d44c1698e27
SHA512

74a88eba916b6da1dfb3365741df54cdcb7a4faf4029c53c0a39d28753ab674f55230d3aab9af9e4d9b1655adbe08739d9315d8aa9510768aedfebfa4c35c417

Score

10^/10

rat netwire

Malware Config

Extracted

Family

netwire

C2

127.0.0.1:3360

66.42.43.177:443

Attributes

activex_autorun
false
activex_key
copy_executable
true
delete_original
false
host_id
HostId-%Rand%
install_path
C:\Windows\System32\spool\drivers\color
keylogger_dir
lock_executable
false
mutex
offline_keylogger
false
password
Password
registry_autorun
true
startup_name
sysWOW32
use_mutex
false

Signatures

NetWire RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample netwire
Netwire family
netwire

Files

715788fb520b3873db406fdf59521afa
.exe windows x86