Overview

overview

10

Static

static

10

288-68-0x0...ry.exe

windows7-x64

1

288-68-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    288-68-0x0000000000400000-0x0000000000433000-memory.dmp

  • Size

    204KB

  • Sample

    220927-kw35laebbn

  • MD5

    a593dfd891f1db64ea2b9319ac29fa09

  • SHA1

    888c0da9777c02c6b44fa933eafeff43ed4eaf2e

  • SHA256

    aeb2faedc48fa9af80441dc461e7183433a312a376aff74b963043cefb6ccd41

  • SHA512

    75b3c6e7826930f1275a1586f4cefe43b8717a0f6ab854658125445a713cc3282d510ca075f5bfb817c845bf5632bb0bf01369abcfdbf46edc396a4e4016bfef

  • SSDEEP

    3072:S3bwUUCZjY/UURTbaiceGUlzFr0qOnZEcsx8VLJkYMSMqqD:S3kUjJY/fRT+iceGUlzFruZdJkzxqqD

Score
10/10
netwirerat

Malware Config

Extracted

Family

netwire

C2

104.222.188.99:3360

zonedx.ddns.net:3360

zonedx.ddns.net:3363

104.222.188.99:3363
Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    Password9090

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      288-68-0x0000000000400000-0x0000000000433000-memory.dmp

    • Size

      204KB

    • MD5

      a593dfd891f1db64ea2b9319ac29fa09

    • SHA1

      888c0da9777c02c6b44fa933eafeff43ed4eaf2e

    • SHA256

      aeb2faedc48fa9af80441dc461e7183433a312a376aff74b963043cefb6ccd41

    • SHA512

      75b3c6e7826930f1275a1586f4cefe43b8717a0f6ab854658125445a713cc3282d510ca075f5bfb817c845bf5632bb0bf01369abcfdbf46edc396a4e4016bfef

    • SSDEEP

      3072:S3bwUUCZjY/UURTbaiceGUlzFr0qOnZEcsx8VLJkYMSMqqD:S3kUjJY/fRT+iceGUlzFruZdJkzxqqD

    Score
    3/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks