netwire | 5df301c45505883b745dc94cb454dde16fa31b1146bd6f71588faaad49ab4ca9 | Triage

Sharing

General

Target

3760-146-0x0000000000400000-0x0000000000450000-memory.dmp
Size

320KB
Sample

220902-pgzabagba8
MD5

083b32b14fb6ef3c96984028cfd18bba
SHA1

3047e0409fa46490dfc058e07bd8c027e466d580
SHA256

5df301c45505883b745dc94cb454dde16fa31b1146bd6f71588faaad49ab4ca9
SHA512

9de0d4591c022e6024e477efe86e0f1593e7bc3ad77a14f5a5c536c5a5d7f02d9b6de311d2d09a60015d79cb89e841b5b8ea83f1f19a022a6d002727d1a43a17
SSDEEP

6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8XT8B:elnot4+UwLDiT6OzR8llAgqJB

Score

10^/10

netwire rat

Malware Config

Extracted

Family

netwire

C2

podzeye2.duckdns.org:4433

podzeye2.duckdns.org:4411

podzeye2.duckdns.org:4422

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  3760-146-0x0000000000400000-0x0000000000450000-memory.dmp
- Size
  
  320KB
- MD5
  
  083b32b14fb6ef3c96984028cfd18bba
- SHA1
  
  3047e0409fa46490dfc058e07bd8c027e466d580
- SHA256
  
  5df301c45505883b745dc94cb454dde16fa31b1146bd6f71588faaad49ab4ca9
- SHA512
  
  9de0d4591c022e6024e477efe86e0f1593e7bc3ad77a14f5a5c536c5a5d7f02d9b6de311d2d09a60015d79cb89e841b5b8ea83f1f19a022a6d002727d1a43a17
- SSDEEP
  
  6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8XT8B:elnot4+UwLDiT6OzR8llAgqJB
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2