General

  • Target

    1040-96-0x0000000000980000-0x000000000101D000-memory.dmp

  • Size

    6.6MB

  • MD5

    97635a55fa5ed1f68066b49a94f5cf21

  • SHA1

    28dedbd350b607e2e978c4a16cd7a0c5578944ad

  • SHA256

    f81cc34b89e7922fd23d9744aa1e53ca84ae39f148eb4e628418185b35b04cad

  • SHA512

    06d204f3b24486777ecf975a6e755650ac4480bdf2a3024886d6114a1e0e7955c1e110f109f46b976116e580193239ff18a4d394842b1c7f6f1372c84484e4bc

  • SSDEEP

    3072:rO7PEfCuF7PuO6oG/ljsrfotcMHifxHDlLLjbHZYMjMqqDvFf:rOLEauF7J6oG/ljsrgKMCX5zQqqDvFf

Score
10/10

Malware Config

Extracted

Family

netwire

C2

37.0.14.206:3384

Attributes
  • activex_autorun

    false

  • copy_executable

    true

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    %AppData%\Install\Host.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    true

  • offline_keylogger

    true

  • password

    Password234

  • registry_autorun

    false

  • use_mutex

    false
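The extracted configuration above is directly usable for hunting: the C2 socket, the install path and the keylogger directory are host- and network-observable. The script below is an added example and is not part of the sandbox report. It expands the %AppData% placeholder into a per-user regex (assuming the default mapping to C:\Users\<user>\AppData\Roaming) and runs the resulting checks over a handful of constructed telemetry lines in an assumed tab-separated key=value layout, not any real EDR export format.

```python
"""Turn the extracted NetWire config into host/network hunting checks.

Added example, not part of the sandbox report. Telemetry lines are
constructed; the tab-separated key=value layout is an assumption.
"""
import re
from dataclasses import dataclass

# Values copied from the "Malware Config" section of the report.
NETWIRE_CONFIG = {
    "c2": "37.0.14.206:3384",
    "install_path": r"%AppData%\Install\Host.exe",
    "keylogger_dir": "%AppData%\\Logs\\",
    "registry_autorun": False,   # no Run-key indicator to hunt for in this build
    "use_mutex": False,          # no mutex indicator either
}

# %AppData% resolves per user; match any profile instead of a literal path.
# Assumes the default %AppData% -> ...\AppData\Roaming mapping.
_APPDATA_RE = r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming"
# Path must end at end-of-string, a backslash, whitespace or a quote, so
# Host.exe does not also match Host.exe.bak.
_END_RE = r'(?=$|[\\\s"])'


def config_path_to_regex(path: str) -> re.Pattern:
    """Expand %AppData% into a per-user regex and escape the rest of the path."""
    prefix, sep, rest = path.partition("%AppData%")
    if not sep:
        return re.compile(re.escape(path) + _END_RE, re.IGNORECASE)
    rest = rest.rstrip("\\")  # keylogger_dir ends in a backslash
    return re.compile(re.escape(prefix) + _APPDATA_RE + re.escape(rest) + _END_RE,
                      re.IGNORECASE)


@dataclass
class Hit:
    line_no: int
    rule: str
    detail: str


def parse_fields(line: str) -> dict:
    """Parse one constructed 'key=value<TAB>key=value' telemetry line."""
    return dict(kv.split("=", 1) for kv in line.strip().split("\t") if "=" in kv)


def hunt(lines) -> list:
    """Return a Hit for every telemetry line matching the extracted config."""
    c2_host, c2_port = NETWIRE_CONFIG["c2"].rsplit(":", 1)
    install_re = config_path_to_regex(NETWIRE_CONFIG["install_path"])
    keylog_re = config_path_to_regex(NETWIRE_CONFIG["keylogger_dir"])
    hits = []
    for n, line in enumerate(lines, 1):
        f = parse_fields(line)
        ev = f.get("event")
        if ev == "process_create" and install_re.search(f.get("image", "")):
            hits.append(Hit(n, "netwire_install_path", f["image"]))
        elif (ev == "network_connect" and f.get("dst_ip") == c2_host
              and f.get("dst_port") == c2_port):
            hits.append(Hit(n, "netwire_c2", f"{c2_host}:{c2_port}"))
        elif ev == "file_write" and keylog_re.search(f.get("path", "")):
            hits.append(Hit(n, "netwire_keylog_dir", f["path"]))
    return hits


# Constructed sample telemetry: lines 1, 3 and 5 should fire, the others not.
SAMPLE_TELEMETRY = [
    "event=process_create\timage=C:\\Users\\alice\\AppData\\Roaming\\Install\\Host.exe\tparent=explorer.exe",
    "event=process_create\timage=C:\\Program Files\\Install\\Host.exe\tparent=msiexec.exe",
    "event=network_connect\timage=Host.exe\tdst_ip=37.0.14.206\tdst_port=3384",
    "event=network_connect\timage=Host.exe\tdst_ip=37.0.14.206\tdst_port=443",
    "event=file_write\tpath=C:\\Users\\alice\\AppData\\Roaming\\Logs\\2024-05-01",
    "event=file_write\tpath=C:\\Users\\alice\\AppData\\Local\\Logs\\app.log",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_TELEMETRY):
        print(f"line {hit.line_no}: {hit.rule} ({hit.detail})")
```

Two caveats follow from the config itself: with registry_autorun and activex_autorun both false, a Run-key or ActiveX persistence rule will not see this build, and with use_mutex false there is no mutex name to pivot on; the install path, the keylogger directory and the C2 socket are the indicators this sample actually leaves. The C2 check is IP-and-port exact because that is all the config provides; a port-only or IP-only match would be noisier.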

Signatures

  • NetWire RAT payload 1 IoCs
  • Netwire family

Files

  • 1040-96-0x0000000000980000-0x000000000101D000-memory.dmp
    .exe windows x86