General

  • Target

    268-71-0x0000000000400000-0x0000000000433000-memory.dmp

  • Size

    204KB

  • MD5

    7f0cecaabe8738543d355608e9613df6

  • SHA1

    618a5e475c4672d7f442fd66df3a7a64ac6efa9f

  • SHA256

    39a0ebfd8e67e50eee5127ae9f37a9ef5efd149bb6116fc0de31708a8dbbe2fd

  • SHA512

    dfb47266ce6070dda0c6045d3455660760e3e27d050a9c853ad2345f7139b56f9dbc60e3ba3e510f85daf3b1e342f5b06e6b5747578927f3dcfb21b15c313dd7

  • SSDEEP

    3072:S3bwUUCZjY/UURTbaiceGUlzFr0qOnZEcsx8VLJSYMSMqqD:S3kUjJY/fRT+iceGUlzFruZdJSzxqqD

Score
10/10

Malware Config

Extracted

Family

netwire

C2

185.140.53.154:3343

185.140.53.154:3345

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Pass@2022

  • registry_autorun

    false

  • use_mutex

    false

Signatures

  • NetWire RAT payload (1 IoC)
  • Netwire family

Files

  • 268-71-0x0000000000400000-0x0000000000433000-memory.dmp
    .exe windows x86

