General

  • Target: 2024-54-0x0000000000400000-0x0000000000470000-memory.dmp
  • Size: 448KB
  • Sample: 240305-xmvhbafd62
  • MD5: 809ffbc81febcd327e5b9eba4507b9fc
  • SHA1: 7d404639cd866e8427fbeae42d1f484c407e0423
  • SHA256: 71c21579a23c13342bb386eebc211b5ee93739820b3d52e96b9450456559ed08
  • SHA512: be071883d5dd35cd099263f792c6a11df5c2001ce8afa28cda91987177697036bc175c70b0fd903a77c66afc1dd989fa159d12d1c95b86490146919dd3641b4d
  • SSDEEP: 6144:b2eQRB4TPIbjy4IwZDUj1Qd62OzWqG16Zz7j42W3Llin:ORB4TPGD41Y62q1DZvjW3Un

Score
10/10

Malware Config

Extracted

Family: netwire

C2: forgiveme.workisboring.com:3360

Attributes
  • activex_autorun: true
  • activex_key: {TN38RH36-U670-03U7-57DE-24XMTWQBHGH1}
  • copy_executable: true
  • delete_original: false
  • host_id: bendal
  • install_path: %AppData%\Install\Host.exe
  • keylogger_dir: %AppData%\Logs\
  • lock_executable: false
  • offline_keylogger: true
  • password: Password
  • registry_autorun: true
  • startup_name: centosffjk
  • use_mutex: false

Targets

    • Target: 2024-54-0x0000000000400000-0x0000000000470000-memory.dmp
    • Size: 448KB
    • MD5: 809ffbc81febcd327e5b9eba4507b9fc
    • SHA1: 7d404639cd866e8427fbeae42d1f484c407e0423
    • SHA256: 71c21579a23c13342bb386eebc211b5ee93739820b3d52e96b9450456559ed08
    • SHA512: be071883d5dd35cd099263f792c6a11df5c2001ce8afa28cda91987177697036bc175c70b0fd903a77c66afc1dd989fa159d12d1c95b86490146919dd3641b4d
    • SSDEEP: 6144:b2eQRB4TPIbjy4IwZDUj1Qd62OzWqG16Zz7j42W3Llin:ORB4TPGD41Y62q1DZvjW3Un

    Score
    3/10

MITRE ATT&CK Matrix

Tasks