General

  • Target

    9b6ae7cac5205a65e04ca67a14760170N

  • Size

    127KB

  • MD5

    9b6ae7cac5205a65e04ca67a14760170

  • SHA1

    a13a08aaba1469e9902418f175cb0f069081f80e

  • SHA256

    03d58ac104bdf2b1765effa474c62175490c116e02352e861b1bd5118a42aa10

  • SHA512

    a8d1b6dcdd5de77bc06c9d2a93eb9d1b1c7ff4c9761508a304851fc2c89debd2be0568188f2150835058149d1c3a51d1bc8e3bde1f2a7fb845f593a49babd489

  • SSDEEP

    3072:Uq3E2BfBSbEsz7nCAFVNNvBGvdO5gPaEjep8Fe7Z1iO7Zbvb0EV7:BRBfBSosz7nCA3NHCdXaEj7Fe7Z1iOFn

Score
10/10

Malware Config

Extracted

Family

netwire

C2

eventsbypearce.host:2021

Attributes
  • activex_autorun

    false

  • copy_executable

    false

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • lock_executable

    false

  • offline_keylogger

    false

  • password

    newwork2020

  • registry_autorun

    false

  • use_mutex

    false

Signatures

  • NetWire RAT payload 1 IoCs
  • Netwire family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 9b6ae7cac5205a65e04ca67a14760170N
    .exe windows:4 windows x86 arch:x86

    3552255b0308f758d071474baf31cb31

