General

  • Target

    0300c77c84aa4e40c3bafd3f04a4c54a2f3bf2069db60e255fe4edf3d675fe7d

  • Size

    272KB

  • MD5

    c392e134b254a10d3007c4860ac06d95

  • SHA1

    0b50a024e07b0da75e5080486e2d41634ef6a971

  • SHA256

    0300c77c84aa4e40c3bafd3f04a4c54a2f3bf2069db60e255fe4edf3d675fe7d

  • SHA512

    3c7dbde9e79bf60de935d26de42c17cef1d81938eb2e08256e0be2f72646a21cb9daf34866bd54725c330f90fea106e10f500922de4f34135d6c187bee871a09

  • SSDEEP

    6144:wcCmiQfipBKWzkeHrb08rTj6aBpSYdS1wjzcoeqqD9dIx:wcXiQfipPrb08rTj6+pGWq4x

Score
10/10

Malware Config

Extracted

Family

netwire

C2

94.156.189.115:53

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    %AppData%\Router\CheckLink.exe

  • keylogger_dir

    TestLink.lnk

  • lock_executable

    false

  • mutex

    pHGKnPeU

  • offline_keylogger

    false

  • password

    1qaz2wsx.

  • registry_autorun

    false

  • use_mutex

    false

Signatures

  • NetWire RAT payload (1 IoC)
  • Netwire family

Files

  • 0300c77c84aa4e40c3bafd3f04a4c54a2f3bf2069db60e255fe4edf3d675fe7d
    .exe windows x86

    e03c5ea8e25367650e1f4380ec0a6eaf

