Overview

overview

10

Static

static

10

2704-12-0x...ry.exe

windows7-x64

1

2704-12-0x...ry.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2704-12-0x0000000000400000-0x000000000046D000-memory.dmp

  • Size

    436KB

  • Sample

    240417-shxpnadd75

  • MD5

    efa8290849d232ea0c04e833fe42ae87

  • SHA1

    bca7af0b9a8197fd2debe8483fa6ebed90010b93

  • SHA256

    31938e5bcacac0d2214f2f09439a8ff23fec6a463bd92a6acde2ed9626f668f3

  • SHA512

    e0ba87b8d87adbe386705b977cf6d0b568e82e7c8b099a114d0d73555197b926d438eec98d79c4ed5c57b8d7d8096f8bd818750d4e0eb3f778a31ce28344ffc5

  • SSDEEP

    12288:DAwZixvy9YaY1ItAytq41IM4vxcvWGkae:Deq95Y12nth1I9JcvW3a

Score
10/10
netwirerat

Malware Config

Extracted

Family

netwire

C2

dnsresoIve.ns01.US:15111

dnsresolve.srz2l6.com:15111

PLUGINUPDATES.duckdns.org:15111

updateavlocalgenuine.com:15111

localupdate.ns02.info:15111

dnsresolve.nsl1.cc:15111

dnsresolve.srs8l2.com:15111
Attributes
  • activex_autorun

    false

  • activex_key

    {A3N5KUJ4-U7S4-6J45-1DJ6-32HM4W8Q0615}

  • copy_executable

    false

  • delete_original

    false

  • host_id

    AVR-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    DuleX

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      2704-12-0x0000000000400000-0x000000000046D000-memory.dmp

    • Size

      436KB

    • MD5

      efa8290849d232ea0c04e833fe42ae87

    • SHA1

      bca7af0b9a8197fd2debe8483fa6ebed90010b93

    • SHA256

      31938e5bcacac0d2214f2f09439a8ff23fec6a463bd92a6acde2ed9626f668f3

    • SHA512

      e0ba87b8d87adbe386705b977cf6d0b568e82e7c8b099a114d0d73555197b926d438eec98d79c4ed5c57b8d7d8096f8bd818750d4e0eb3f778a31ce28344ffc5

    • SSDEEP

      12288:DAwZixvy9YaY1ItAytq41IM4vxcvWGkae:Deq95Y12nth1I9JcvW3a

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks