netwire | 684-66-0x0000000000400000-0x0000000000497000-memory[.]dmp | Triage

Sharing

General

Target

684-66-0x0000000000400000-0x0000000000497000-memory.dmp
Size

604KB
MD5

48a8e915649e0e97eca1f184dc6ebce2
SHA1

a9c8abf6f564185e8e00b332e41d6479979c4b2b
SHA256

bf2f3c3bfd2ba7f2f2797c9ed2df083f22396c38c59d6e417d65eaaa749e4a55
SHA512

2952b3dffb2c87e3c322c5f326a30db6a27dab7e6f82b5678ffd7ecfeb8c41e2d4e46bf103c637c276781ea95e2a5bd35bbdf7519259d3d82dd9e1ccee2a25ef
SSDEEP

12288:pO9WX2YItz2n+ga4VKCn2mvlY7y6MoYg0JTCa6+zhtJl2RLdr/:2WmYIg64VKl2Cy6u1tJlkLdr/

Score

10^/10

rat netwire

Malware Config

Signatures

NetWire RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample netwire
Netwire family
netwire

Files

684-66-0x0000000000400000-0x0000000000497000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ