Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-02-2023 03:44
Behavioral task: behavioral1
Sample: sample1.exe
Resource: win7-20230220-en
windows7-x64
2 signatures
150 seconds
General
Target: sample1.exe
Size: 124KB
MD5: 58d875ff734debcbc265a53820729770
SHA1: 3fad915ff84960aa40112cc2c185d7f60abf2477
SHA256: a352b6008c6e33e2e10ddaed93d51cbab38bbf2993d503a9a9ad08e1fdc7797b
SHA512: d2a4e8cb470c79ba936989e6995e6e2a15688bcce85ee31443e8fd06e42675b38aa65f67fbfab0d60dd6d180bb225a44bd2ab60d963b01d2d0dc5407af181b8a
SSDEEP: 3072:nr/zIEyQIrPP+r4MrdN/086ibgqGWk1x:nrsEyQUPPGxFsYc
Malware Config
Extracted
Family: netwire
C2:
masonchill.jumpingcrab.com:3360
masonchill.dynamic-dns.net:3370
Attributes:
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-iAGsE2
keylogger_dir: C:\Users\Admin\AppData\Roaming\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Signatures
NetWire RAT payload (2 IoCs)
Processes:
resource    yara_rule
behavioral2/memory/4936-135-0x0000000000400000-0x000000000041F000-memory.dmp    netwire
behavioral2/memory/4936-136-0x0000000000400000-0x000000000041F000-memory.dmp    netwire