netwire | JaffaCakes118_3e4007140302791422e063097b145b3c51e65b0472e9e03c2588c9df68f1e023 | Triage

Sharing

General

Target

JaffaCakes118_3e4007140302791422e063097b145b3c51e65b0472e9e03c2588c9df68f1e023
Size

900KB
MD5

3bcb901301885de9fcc15dca91a5c739
SHA1

4cef6ccdc4926becaa48e7bd163c5e4781591578
SHA256

3e4007140302791422e063097b145b3c51e65b0472e9e03c2588c9df68f1e023
SHA512

7ccb6d1f9d2b466b33187a88d86d59932c0e601ab9d8131084b86c69abf40fe7dbb02ff9c9892d34cd9804367e286f709030658e9c37ab06eae3a7bbada487b0
SSDEEP

12288:pO9WX2YIKvCDbZPNiUd1bZaIyGvZqOiLgC3fwbXKNnfHfWfD7/wB20W7eEcoEiFZ:2WmYIaCRl1XbZaQjiLgCvG

Score

10^/10

rat netwire

Malware Config

Signatures

NetWire RAT payload 1 IoCs

resource	yara_rule
sample	netwire

Netwire family
netwire

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3e4007140302791422e063097b145b3c51e65b0472e9e03c2588c9df68f1e023

Files

JaffaCakes118_3e4007140302791422e063097b145b3c51e65b0472e9e03c2588c9df68f1e023
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ