Overview

overview

10

Static

static

10

1484-57-0x...ry.exe

windows7-x64

1484-57-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1484-57-0x00000000000B0000-0x0000000000100000-memory.dmp

  • Size

    320KB

  • Sample

    220827-3hcplahdgj

  • MD5

    d82328c23ca19ce553843efb6b1bbc2e

  • SHA1

    f9732f45bebb78118e9f0e827b970b161c1643f0

  • SHA256

    9d1237be2eeaa044bf638cdf1dfc593f9c25b441db93217f3458e820c73f1272

  • SHA512

    0294b79a18fc652860fd993cddfae644e8b6a003cab5ae8477c73c13ed881283eb4f2070defdf0a8fc5d0e305c65df9599ff8f84f62b35a89cbddb2158415ff5

  • SSDEEP

    6144:tiAj4Yvs14NtwkIlfpC67B/eXZeta0gvm7boBqqDyIOw8B:tBj4YvCXfpC67B/eXZeMOqkHB

Score
10/10
netwirerat

Malware Config

Extracted

Family

netwire

C2

musaad1995-60255.portmap.host:60255

Attributes
  • activex_autorun

    false

  • activex_key

    {0Q55O7T5-7PG8-1407-8Y6O-8DDRN68HAD86}

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    %AppData%\Local\Microsoft\OneDrive\OneDrive.exe

  • keylogger_dir

    OneDrive.lnk

  • lock_executable

    false

  • mutex

    vMnKWPIY

  • offline_keylogger

    false

  • password

    999000

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      1484-57-0x00000000000B0000-0x0000000000100000-memory.dmp

    • Size

      320KB

    • MD5

      d82328c23ca19ce553843efb6b1bbc2e

    • SHA1

      f9732f45bebb78118e9f0e827b970b161c1643f0

    • SHA256

      9d1237be2eeaa044bf638cdf1dfc593f9c25b441db93217f3458e820c73f1272

    • SHA512

      0294b79a18fc652860fd993cddfae644e8b6a003cab5ae8477c73c13ed881283eb4f2070defdf0a8fc5d0e305c65df9599ff8f84f62b35a89cbddb2158415ff5

    • SSDEEP

      6144:tiAj4Yvs14NtwkIlfpC67B/eXZeta0gvm7boBqqDyIOw8B:tBj4YvCXfpC67B/eXZeMOqkHB

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks