Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
01-04-2023 05:03
General
-
Target
r_noins.exe
-
Size
160KB
-
MD5
5a6a6ed96d1816d3aadb5c5efe7df06b
-
SHA1
67eef55084828705dd3b004b1b0f62298357a562
-
SHA256
e965a18c87835712f3caa5e854b952c8422f7564401b2b8ba721e4ed26e261dd
-
SHA512
f9256671e9b7234aeea4258b8e11d5603e8c5a097717cc354ad08c0ddde4df60df1a4143fab1ed0f947d2006cc98d5f907f2ea804ffeefe137e0cd26562446ed
-
SSDEEP
3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvoYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/ozQqqDvFf
Score
10/10
Malware Config
Extracted
Family
netwire
C2
wire.universitynetservice1979.info:8888
167.179.102.70:8888
62.234.24.30:8888
Attributes
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-gaWkOe
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
win
-
registry_autorun
false
-
use_mutex
false
Signatures
-
NetWire RAT payload 7 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Processes
-
C:\Users\Admin\AppData\Local\Temp\r_noins.exe"C:\Users\Admin\AppData\Local\Temp\r_noins.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2744-133-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/2744-135-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/2744-142-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/2744-143-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/2744-144-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/2744-145-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/2744-146-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB