General
-
Target
715788fb520b3873db406fdf59521afa
-
Size
160KB
-
Sample
210709-fz7ch8qpn6
-
MD5
715788fb520b3873db406fdf59521afa
-
SHA1
096e3741fd8babb84d433fa9ccb866b4fe0435e3
-
SHA256
dbe60153ede523dc838e9289aa0b43c5022c182b85396381b96b5d44c1698e27
-
SHA512
74a88eba916b6da1dfb3365741df54cdcb7a4faf4029c53c0a39d28753ab674f55230d3aab9af9e4d9b1655adbe08739d9315d8aa9510768aedfebfa4c35c417
Malware Config
Extracted
netwire
127.0.0.1:3360
66.42.43.177:443
-
activex_autorun
false
- activex_key
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
C:\Windows\System32\spool\drivers\color
- keylogger_dir
-
lock_executable
false
- mutex
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
sysWOW32
-
use_mutex
false
Targets
-
-
Target
715788fb520b3873db406fdf59521afa
-
Size
160KB
-
MD5
715788fb520b3873db406fdf59521afa
-
SHA1
096e3741fd8babb84d433fa9ccb866b4fe0435e3
-
SHA256
dbe60153ede523dc838e9289aa0b43c5022c182b85396381b96b5d44c1698e27
-
SHA512
74a88eba916b6da1dfb3365741df54cdcb7a4faf4029c53c0a39d28753ab674f55230d3aab9af9e4d9b1655adbe08739d9315d8aa9510768aedfebfa4c35c417
Score10/10-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Adds Run key to start application
-
Drops file in System32 directory
-