General

  • Target

    5e3bdf77c3b1b40c7e2219aa82fe6b0f30989bd58a27978a8a352a7ba5934860

  • Size

    89KB

  • MD5

    3c5b1f0eb1444a37bf8a7f21d9d7f985

  • SHA1

    b3f5ba2fc4e02f6ab79fb2fa719901eec29ee7bc

  • SHA256

    5e3bdf77c3b1b40c7e2219aa82fe6b0f30989bd58a27978a8a352a7ba5934860

  • SHA512

    06b8b05d7e5dcc4d44a10fd56a2c1280390b0c646bd550baad901499cb675cbf17b2d340c02954057c422059642f9447ac2cce72a52cd31afc1d5971278382bb

  • SSDEEP

    1536:b2giUJrMJvmpUMyB43RWKRaQ71XubjyKhkkIs1ZZsNIT/LxDhw:b2LiQmpUbB4kKP1Xubjy4Is1ZwI/Xw

Score
10/10

Malware Config

Extracted

Family

netwire

C2

sgteyor.ddns.net:39888

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    true

  • delete_original

    false

  • host_id

    Eyor

  • install_path

    %AppData%\Install\Host.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • mutex

  • offline_keylogger

    true

  • password

    Master0147

  • registry_autorun

    false

  • startup_name

  • use_mutex

    false

Signatures

  • NetWire RAT payload (1 IoC)
  • Netwire family

Files

  • 5e3bdf77c3b1b40c7e2219aa82fe6b0f30989bd58a27978a8a352a7ba5934860
    .exe windows x86

    8e97a1515090baa46f52cf0ff6a6d12f

