General

  • Target

    fcd571bf8c86b1943fe6d3272f1bcdd3_JaffaCakes118

  • Size

    137KB

  • MD5

    fcd571bf8c86b1943fe6d3272f1bcdd3

  • SHA1

    95d794022f4ef93265cccc0edcc12308193b5da1

  • SHA256

    42d7a3426ece8f48c4123b341d67f49347750e63d235c03f70a30fbd85321fe1

  • SHA512

    95314b1a960e3bbb15b10877c16b4d6403b4b4661ba5e96581eac87be797be40d6bfaba58a86c44461181a7a03b0a03f0aeabfefccea9c8a8a7aa977d007faeb

  • SSDEEP

    3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLva:jOTcK+NrRioGHlz8rz0i/a

Score
10/10

Malware Config

Extracted

Family

netwire

C2

127.0.0.1:3360

66.42.43.177:443

Attributes

  • activex_autorun

    false

  • copy_executable

    true

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    C:\Windows\System32\spool\drivers\color

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    Password

  • registry_autorun

    true

  • startup_name

    sysWOW32

  • use_mutex

    false

Signatures

  • NetWire RAT payload 1 IoCs
  • Netwire family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • fcd571bf8c86b1943fe6d3272f1bcdd3_JaffaCakes118
    .exe windows:4 windows x86 arch:x86