General
-
Target
9cdb3ec1accd17e884e8ed76d8789b2b
-
Size
459KB
-
Sample
201117-r2dac44wsx
-
MD5
95b26096376f1a1624581f3203a05f4d
-
SHA1
5e885913d272cb5912bd2bbb1f84be93ac09bf52
-
SHA256
3cb34cca32bb4aea5625d0760bd6c51f71695c7bb2c11e465c24a31efbfba6cf
-
SHA512
c49bb53a7e180761011fad7f3b987ced91e52715bc27382c7600d086bfbcb893c21361028941b29b2fb0e6abe2da47a79a222098efc8801ed6f218def7599f53
Malware Config
Targets
-
-
Target
9cdb3ec1accd17e884e8ed76d8789b2b
-
Size
459KB
-
MD5
95b26096376f1a1624581f3203a05f4d
-
SHA1
5e885913d272cb5912bd2bbb1f84be93ac09bf52
-
SHA256
3cb34cca32bb4aea5625d0760bd6c51f71695c7bb2c11e465c24a31efbfba6cf
-
SHA512
c49bb53a7e180761011fad7f3b987ced91e52715bc27382c7600d086bfbcb893c21361028941b29b2fb0e6abe2da47a79a222098efc8801ed6f218def7599f53
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-