Netwire | 2a05a23d8879

Classifications

Backdoor

Threat Names

Netwire C2/Generic-A Mal/Generic-S

Dynamic Analysis Report

Created on 2022-08-05T09:42:06+00:00

2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe

Windows Exe (x86-32)

Remarks (2/2)

Anti-Sleep Triggered (0x0200000E): The overall sleep time of all monitored processes was truncated from "2 minutes, 30 seconds" to "20 seconds" to reveal dormant functionality.

Auto Reboot Triggered (0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

General

717 Bytes total sent, 723 Bytes total received

3 ports: 4433, 53, 445

2 contacted IP addresses

1 URLs extracted

0 files downloaded

0 malicious hosts detected

DNS

63 Bytes sent, 79 Bytes received

1 queries for 1 domains

1 name server contacted

0 queries returned errors

HTTP/S

0 Bytes sent, 0 Bytes received

0 URLs, 0 contacted servers

0 sessions detected

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

Domain Name
WHOIS Response