General

  • Target

    2300-12-0x0000000000400000-0x000000000046D000-memory.dmp

  • Size

    436KB

  • MD5

    3d6c6bff2e4b44e859015ba34b4db597

  • SHA1

    38c97dfa13d7819fb035080778b66d8235a6d9fd

  • SHA256

    b05bcd8ebd15f7e2863a1eab91933a06ff6846d89f1b43cb73abbe1c45f856f1

  • SHA512

    c1ea8232340cfe40ea68d810b3f7ce2225b87018d64c4201de062a0462b642dfbd4322cf4d5a1da7780c9bd24403170158bb7f671dee5d10da5e22aad5f9ae5f

  • SSDEEP

    12288:DAwZixvy9YaY1ItAytqq1IM4vxcvWGkae:Deq95Y12ntv1I9JcvW3a

Score
10/10

Malware Config

Extracted

Family

netwire

C2


Attributes
  • activex_autorun

    false

  • activex_key

    {A3N5KUJ4-U7S4-6J45-1DJ6-32HM4W8Q0615}

  • copy_executable

    false

  • delete_original

    false

  • host_id

    AVR-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    DuleX

  • registry_autorun

    false

  • use_mutex

    false

Signatures

  • NetWire RAT payload 1 IoCs
  • Netwire family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2300-12-0x0000000000400000-0x000000000046D000-memory.dmp
    .exe windows:4 windows x86 arch:x86
