General
-
Target
SafeBuff.exe
-
Size
1.1MB
-
Sample
210709-tw1m8j64yn
-
MD5
6446daba47a6a46d3f10a1c3504223d0
-
SHA1
e97d50eb97e3f4d70680d43c2d18c418e207e4fe
-
SHA256
8564faf328ce5c253f4b6b3462402634e64ce8caefeb18428c2dcb4d454ee996
-
SHA512
1a33ca90af589f6b8ec0d41836a96c5d1d712fd01818d44c096db9839e7f8e873fed5d191b36911de29f1243bc260c1301328f97d7f3a5f8312ad04853db792d
Malware Config
Extracted
netwire
dxyasser0.zapto.org:1212
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
123
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
SafeBuff.exe
-
Size
1.1MB
-
MD5
6446daba47a6a46d3f10a1c3504223d0
-
SHA1
e97d50eb97e3f4d70680d43c2d18c418e207e4fe
-
SHA256
8564faf328ce5c253f4b6b3462402634e64ce8caefeb18428c2dcb4d454ee996
-
SHA512
1a33ca90af589f6b8ec0d41836a96c5d1d712fd01818d44c096db9839e7f8e873fed5d191b36911de29f1243bc260c1301328f97d7f3a5f8312ad04853db792d
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of SetThreadContext
-