General

  • Target

    fcd571bf8c86b1943fe6d3272f1bcdd3_JaffaCakes118

  • Size

    137KB

  • Sample

    240420-qemzyahd89

  • MD5

    fcd571bf8c86b1943fe6d3272f1bcdd3

  • SHA1

    95d794022f4ef93265cccc0edcc12308193b5da1

  • SHA256

    42d7a3426ece8f48c4123b341d67f49347750e63d235c03f70a30fbd85321fe1

  • SHA512

    95314b1a960e3bbb15b10877c16b4d6403b4b4661ba5e96581eac87be797be40d6bfaba58a86c44461181a7a03b0a03f0aeabfefccea9c8a8a7aa977d007faeb

  • SSDEEP

    3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLva:jOTcK+NrRioGHlz8rz0i/a

Score
10/10

Malware Config

Extracted

Family

netwire

C2

127.0.0.1:3360

66.42.43.177:443

Attributes
  • activex_autorun

    false

  • copy_executable

    true

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    C:\Windows\System32\spool\drivers\color

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    true

  • startup_name

    sysWOW32

  • use_mutex

    false
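
The extracted configuration above maps directly onto hunting logic. The Python below is an added example, not part of this report and not NetWire tooling: it takes the config values from the page, derives indicators, and matches them against constructed sample telemetry. Two details matter in practice. First, 127.0.0.1:3360 is a loopback entry (a builder default or test value), so it must be dropped rather than pushed to a perimeter blocklist; only 66.42.43.177:443 is a usable network indicator. Second, C:\Windows\System32\spool\drivers\color is a legitimate Windows directory holding ICC colour profiles, so the directory alone is not an indicator; an executable written there (copy_executable is true) is. The Run key location (HKCU\...\Run), the event format and the executable-extension list are assumptions, flagged in comments.

```python
"""Derive hunting indicators from the NetWire config extracted in the report.

Added example; not part of the sandbox report or of any NetWire tooling.
Config values are copied from the report; the event format, the Run key
and the executable-extension list are assumptions (see comments).
"""
import ipaddress
from dataclasses import dataclass

# Values taken verbatim from the "Malware Config" section of the report.
NETWIRE_CONFIG = {
    "family": "netwire",
    "c2": ["127.0.0.1:3360", "66.42.43.177:443"],
    "copy_executable": True,
    "install_path": r"C:\Windows\System32\spool\drivers\color",
    "registry_autorun": True,
    "startup_name": "sysWOW32",
    "use_mutex": False,
}

# Assumption: the report gives only the autorun value name (startup_name),
# not the key. HKCU\...\Run is a guess to confirm against the sample.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Assumption: extensions that count as "the copied executable" when written
# into the install directory. Colour profiles (.icm/.icc) live there legitimately.
EXEC_EXTS = {"exe", "dll", "scr"}


@dataclass(frozen=True)
class Indicator:
    kind: str   # "net" | "reg" | "file"
    value: str  # what to compare against (lower-cased for reg/file)
    note: str


def build_indicators(cfg: dict) -> list[Indicator]:
    """Turn the config into concrete indicators, dropping unhuntable ones."""
    out: list[Indicator] = []
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None  # a hostname: keep it as-is
        # Loopback/private C2 entries are placeholders, not perimeter indicators.
        if addr is not None and (addr.is_loopback or addr.is_private):
            continue
        out.append(Indicator("net", f"{host}:{port}", "NetWire C2 endpoint"))
    if cfg.get("registry_autorun"):
        out.append(Indicator("reg", (RUN_KEY + "\\" + cfg["startup_name"]).lower(),
                             "NetWire autorun value"))
    if cfg.get("copy_executable"):
        # Only the directory is known; match on the prefix plus an executable extension.
        out.append(Indicator("file", cfg["install_path"].lower() + "\\",
                             "executable dropped in NetWire install directory"))
    return out


def match_events(events: list[dict], indicators: list[Indicator]) -> list[tuple[dict, Indicator]]:
    """Return (event, indicator) pairs for every event that matches."""
    hits = []
    for ev in events:
        val = ev["value"].lower()
        for ind in indicators:
            if ev["type"] != ind.kind:
                continue
            if ind.kind == "file":
                ext = val.rsplit(".", 1)[-1] if "." in val else ""
                if val.startswith(ind.value) and ext in EXEC_EXTS:
                    hits.append((ev, ind))
            elif val == ind.value.lower():
                hits.append((ev, ind))
    return hits


# Constructed sample telemetry (not from the report): benign and matching
# events of each kind, in a deliberately simple {"type", "value"} shape.
SAMPLE_EVENTS = [
    {"type": "net", "value": "8.8.8.8:53"},
    {"type": "net", "value": "66.42.43.177:443"},
    {"type": "net", "value": "127.0.0.1:3360"},
    {"type": "reg", "value": RUN_KEY + r"\OneDrive"},
    {"type": "reg", "value": RUN_KEY + r"\sysWOW32"},
    {"type": "file", "value": r"C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm"},
    {"type": "file", "value": r"C:\Windows\System32\spool\drivers\color\dropped.exe"},
]


if __name__ == "__main__":
    for ev, ind in match_events(SAMPLE_EVENTS, build_indicators(NETWIRE_CONFIG)):
        print(f"[{ind.kind}] {ev['value']}  <- {ind.note}")
```

Running the block prints three hits: the public C2 connection, the sysWOW32 Run value, and the .exe in the colour-profile directory; the loopback connection and the .icm file are ignored. When the same config is seen in other samples, the value name and install directory are usually more stable than the C2 address and are worth keeping as host-side rules even after the IP rotates.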

Targets

    • Target

      fcd571bf8c86b1943fe6d3272f1bcdd3_JaffaCakes118

    • Size

      137KB

    • MD5

      fcd571bf8c86b1943fe6d3272f1bcdd3

    • SHA1

      95d794022f4ef93265cccc0edcc12308193b5da1

    • SHA256

      42d7a3426ece8f48c4123b341d67f49347750e63d235c03f70a30fbd85321fe1

    • SHA512

      95314b1a960e3bbb15b10877c16b4d6403b4b4661ba5e96581eac87be797be40d6bfaba58a86c44461181a7a03b0a03f0aeabfefccea9c8a8a7aa977d007faeb

    • SSDEEP

      3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLva:jOTcK+NrRioGHlz8rz0i/a

    Score
    1/10

MITRE ATT&CK Matrix

Tasks