General

  • Target

    7d7852eacfba290a534740b85f3b57925dcf978c070f86f68d6f8da4b8d6d1f2

  • Size

    89KB

  • MD5

    6eec797acc29b3b2e6dc47d913049c62

  • SHA1

    2ab8f08108208b902461d37d6679e2be8a324fdf

  • SHA256

    7d7852eacfba290a534740b85f3b57925dcf978c070f86f68d6f8da4b8d6d1f2

  • SHA512

    df33000b829194b9a3a82d655c0c73a7488bb4f869c397ab9e2d874a2632790d695dba15a848d0db2cc89648ce8011cd88b6c11254d017c99df130ef843f7dfb

  • SSDEEP

    1536:b2giUJrMJvmpUMyB43RWKRaQ71XubjyKhkkIs1ZZsNIT/cDhw:b2LiQmpUbB4kKP1Xubjy4Is1ZwImw

Score
10/10

Malware Config

Extracted

Family

netwire

C2

160.202.163.242:8704

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false

Signatures

  • NetWire RAT payload (1 IoC)
  • Netwire family

Files

  • 7d7852eacfba290a534740b85f3b57925dcf978c070f86f68d6f8da4b8d6d1f2
    .exe windows x86

    8e97a1515090baa46f52cf0ff6a6d12f

