netwire | 5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f | Triage

Sharing

General

Target

5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f
Size

988KB
MD5

d03ba9e213edd46a343511e079637126
SHA1

5ce61b2a7b537ef63784084a1b0a26fd7d7fbd44
SHA256

5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f
SHA512

302c6e6bbb72241ac7e759be24b8c737ac41c90cb6af02f734aba98489dce8b571ef17d3b99b4e64ce3df435f585f5e14f4f781e11343ff2aa126d0d99312eaa
SSDEEP

24576:vkzJTC8HU7dAaLjV9wqOAEAmR2dEvuylQ:vk9uTaUjLEAddwuQQ

Score

10^/10

rat netwire

Malware Config

Signatures

NetWire RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample netwire
Netwire family
netwire

Files

5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 529KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ