General

  • Target: 940-158-0x000000000041AD7B-mapping.dmp
  • Size: 588KB
  • MD5: 0f6bee799d0edd60dcbbde97819013a5
  • SHA1: a505f4199f6ce1f902c386c1b225a5f3cc6f2d04
  • SHA256: 7aa5832dcbf6e99f549eeb26acb73033e0ffea6b2494b10870456875f1a15590
  • SHA512: 11e84eba84c20da7b526c62ec515209fee464ec670dd801880ad97d68656535debb34e0a34330eb32f5af4240dd4eb768defeccd9ee33ec5743684d979f661cb
  • SSDEEP: 12288:bcXiQfipPrb08rTj6+pGWqLxMcXiQfipPrb08rTj6+pGNqLxj:ISQapPxfj0WWrSQapPxfj0NOx

Score
10/10

Malware Config

Extracted

Family: netwire

C2: 37.0.14.206:3384

Attributes
  • activex_autorun: false
  • copy_executable: false
  • delete_original: false
  • host_id: HostId-%Rand%
  • install_path: %AppData%\Install\Host.exe
  • lock_executable: false
  • offline_keylogger: false
  • password: Password234
  • registry_autorun: false
  • use_mutex: false

Signatures

  • NetWire RAT payload (1 IoC)
  • Netwire family

Files

  • 940-158-0x000000000041AD7B-mapping.dmp