General
-
Target
91514b3627e78e42cb05bc608737a47f.exe
-
Size
213KB
-
Sample
210616-s2nsgen4k2
-
MD5
91514b3627e78e42cb05bc608737a47f
-
SHA1
b48882a3d656068e30b88671aee71010e5602d32
-
SHA256
e0e0ca8ec324752ed823c7e503992398e817663828f94b4ca699ff1965095c31
-
SHA512
b50be6bed7809b76697b4e9849453a12ade782afd43f63ae1c8207ee11e26f95e374293cdc4523f5a5b00030d564e67c04efc0f80c5b2571ee37d19ecb08fc7e
Malware Config
Extracted
netwire
netno.ddns.net:6577
ddns.dbcdubai.com:6577
netsecond.duckdns.org:6577
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
OJ
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
oCTboYgC
-
offline_keylogger
true
-
password
Trinidado1@
-
registry_autorun
false
- startup_name
-
use_mutex
true
Targets
-
-
Target
91514b3627e78e42cb05bc608737a47f.exe
-
Size
213KB
-
MD5
91514b3627e78e42cb05bc608737a47f
-
SHA1
b48882a3d656068e30b88671aee71010e5602d32
-
SHA256
e0e0ca8ec324752ed823c7e503992398e817663828f94b4ca699ff1965095c31
-
SHA512
b50be6bed7809b76697b4e9849453a12ade782afd43f63ae1c8207ee11e26f95e374293cdc4523f5a5b00030d564e67c04efc0f80c5b2571ee37d19ecb08fc7e
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-