Analysis
max time kernel: 141s
max time network: 141s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 18-06-2023 08:21
Behavioral task
behavioral1
Sample
0x00080000000122ee-67.exe
Resource
win7-20230220-en
General
Target: 0x00080000000122ee-67.exe
Size: 89KB
MD5: 9c393cac6ef1c3282e3daf6ec50b79de
SHA1: 34afa77f3d276191c278d56fa870d11c5069f48e
SHA256: 7231c7a76d9c4d0a307197522a2aec968f31865a4b2c4b962b64b01e9229315b
SHA512: 82543c3b43d10616ff9687e468ab75f3e96d0f0fdc795df2ef341b91c4ef915b0bad5bfbf6916939d40596d9bcd3190a1371bced3be16513768cc096c9c9b66e
SSDEEP: 1536:b2giUJrMJvmpUMyB43RWKRaQ71XubjyKhkkIs1ZZsNIT/SDhw:b2LiQmpUbB4kKP1Xubjy4Is1ZwIcw
Malware Config
Extracted
Family: netwire
C2 hosts:
william1979.ddns.net:4416
mathkros79.ddns.net:4416
engine79.ddns.net:4416
chrisle79.ddns.net:4416
jacknop79.ddns.net:4416
smath79.ddns.net:4416
whatis79.ddns.net:4416
goodgt79.ddns.net:4416
bonding79.ddns.net:4416
activex_autorun: false
copy_executable: false
delete_original: false
host_id: Jan 2018
keylogger_dir: C:\Users\Admin\AppData\Roaming\Logs\
lock_executable: false
offline_keylogger: true
password: Password2$
registry_autorun: false
use_mutex: false
Signatures
NetWire RAT payload (7 IoCs)
resource                                                                     yara_rule
behavioral1/memory/1192-56-0x0000000000400000-0x0000000000420000-memory.dmp  netwire
behavioral1/memory/1192-58-0x0000000000400000-0x0000000000420000-memory.dmp  netwire
behavioral1/memory/1192-60-0x0000000000400000-0x0000000000420000-memory.dmp  netwire
behavioral1/memory/1192-63-0x0000000000400000-0x0000000000420000-memory.dmp  netwire
behavioral1/memory/1192-65-0x0000000000400000-0x0000000000420000-memory.dmp  netwire
behavioral1/memory/1192-67-0x0000000000400000-0x0000000000420000-memory.dmp  netwire
behavioral1/memory/1192-69-0x0000000000400000-0x0000000000420000-memory.dmp  netwire
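All seven YARA hits fall in the same 0x20000-byte (128 KiB) region of PID 1192, 0x400000-0x420000, across successive memory dumps, and the extracted config gives nine C2 hosts that all use port 4416. The script below is an added example, not sandbox output or part of this report: it parses the report's memory-hit resource strings into structured records, collapses them per region, and runs the C2 host list over a few constructed log lines. The log format (key=value lines) and the helper names are assumptions made here for illustration.

```python
# Added example for this report (not sandbox output): turn the extracted NetWire
# config and the YARA memory-hit resource strings into structured data and run
# an IoC check over a few constructed log lines.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# C2 endpoints exactly as extracted in the "Malware Config" section (host:port).
NETWIRE_C2 = [
    "william1979.ddns.net:4416",
    "mathkros79.ddns.net:4416",
    "engine79.ddns.net:4416",
    "chrisle79.ddns.net:4416",
    "jacknop79.ddns.net:4416",
    "smath79.ddns.net:4416",
    "whatis79.ddns.net:4416",
    "goodgt79.ddns.net:4416",
    "bonding79.ddns.net:4416",
]

# YARA hit resources as listed under "NetWire RAT payload", rebuilt from the
# sequence numbers in the report (56, 58, 60, 63, 65, 67, 69).
MEMORY_HITS = [
    f"behavioral1/memory/1192-{seq}-0x0000000000400000-0x0000000000420000-memory.dmp"
    for seq in (56, 58, 60, 63, 65, 67, 69)
]

# Resource naming used by the report: <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
RESOURCE_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_memory_hit(resource: str) -> MemoryHit:
    """Parse one resource string; raise ValueError on anything else."""
    m = RESOURCE_RE.match(resource)
    if m is None:
        raise ValueError(f"unrecognised resource string: {resource!r}")
    return MemoryHit(m["task"], int(m["pid"]), int(m["seq"]),
                     int(m["start"], 16), int(m["end"], 16))


def memory_regions(resources: List[str]) -> Dict[Tuple[int, int, int], int]:
    """Collapse repeated hits into (pid, start, end) -> number of dumps that matched."""
    regions: Dict[Tuple[int, int, int], int] = {}
    for r in resources:
        h = parse_memory_hit(r)
        key = (h.pid, h.start, h.end)
        regions[key] = regions.get(key, 0) + 1
    return regions


def parse_c2(entry: str) -> Tuple[str, int]:
    """Split a host:port entry from the extracted config."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"expected host:port, got {entry!r}")
    return host.lower(), int(port)


C2_HOSTS = {host for host, _ in map(parse_c2, NETWIRE_C2)}
C2_PORTS = {port for _, port in map(parse_c2, NETWIRE_C2)}

# Hostname-like tokens. A C2 host must appear as a whole token, so neither
# "notwilliam1979.ddns.net" nor "william1979.ddns.net.example" matches.
HOST_TOKEN_RE = re.compile(r"[a-z0-9.-]+")


def match_log_line(line: str) -> Optional[str]:
    """Return the first configured C2 host named in the line, or None."""
    for token in HOST_TOKEN_RE.findall(line.lower()):
        if token in C2_HOSTS:
            return token
    return None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """1-based numbers of lines that name a C2 host, with the host matched."""
    return [(n, host) for n, line in enumerate(lines, 1)
            if (host := match_log_line(line)) is not None]


# Constructed sample log lines (not from the report), assumed key=value style.
SAMPLE_LOG = [
    "2023-06-18T08:22:01Z dns query=william1979.ddns.net type=A client=10.0.0.5",
    "2023-06-18T08:22:01Z dns query=update.microsoft.com type=A client=10.0.0.5",
    "2023-06-18T08:22:03Z netconn pid=1192 dst=smath79.ddns.net:4416 proto=tcp",
    "2023-06-18T08:22:04Z netconn pid=4012 dst=ocsp.digicert.com:80 proto=tcp",
]

if __name__ == "__main__":
    for (pid, start, end), count in memory_regions(MEMORY_HITS).items():
        print(f"pid {pid}: netwire matched {count}x in 0x{start:X}-0x{end:X} ({end - start} bytes)")
    for n, host in scan(SAMPLE_LOG):
        print(f"line {n}: C2 host {host} (configured port(s): {sorted(C2_PORTS)})")
```

Matching on whole hostname tokens rather than substrings avoids false hits on lookalike or longer names; the port set is kept separately because a dynamic-DNS host can move while 4416 stays a useful secondary indicator.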