General
-
Target
35A80E79A290DFCE0D019D467EC8DC9C.exe
-
Size
3.0MB
-
Sample
210723-5lqnaby9dx
-
MD5
35a80e79a290dfce0d019d467ec8dc9c
-
SHA1
c9e67190debfb937b1c148b5c1c0f2869e4c0b8a
-
SHA256
ee70cb2fc82abe10d225555baf80864b1c8f779fce79dcb2b76943d145a8130e
-
SHA512
5916e9bc037a5e95fdeb8cc519cea95e3d63c25a1940673c99713621133463c32e5c6ce8bd7c7635c666a1c76c8dfe1554b14719f2f0e5acd9a77fe8da7e7b03
Malware Config
Extracted
netwire
finerthings.duckdns.org:3021
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
H23053OIGS
- install_path
- keylogger_dir
-
lock_executable
false
- mutex
-
offline_keylogger
false
-
password
finerthings@963
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
35A80E79A290DFCE0D019D467EC8DC9C.exe
-
Size
3.0MB
-
MD5
35a80e79a290dfce0d019d467ec8dc9c
-
SHA1
c9e67190debfb937b1c148b5c1c0f2869e4c0b8a
-
SHA256
ee70cb2fc82abe10d225555baf80864b1c8f779fce79dcb2b76943d145a8130e
-
SHA512
5916e9bc037a5e95fdeb8cc519cea95e3d63c25a1940673c99713621133463c32e5c6ce8bd7c7635c666a1c76c8dfe1554b14719f2f0e5acd9a77fe8da7e7b03
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-