General

  • Target: 5f88b8a047553a717d2674304233b5f3fce063f46b22b33b272a4296af2b6f20
  • Size: 160KB
  • MD5: ea930dacbcdccf4d29416392cdab6a36
  • SHA1: b9f7505a3b100d524edae9488e3818080d338dfa
  • SHA256: 5f88b8a047553a717d2674304233b5f3fce063f46b22b33b272a4296af2b6f20
  • SHA512: fea4ff24f3090be851113a98915d418d489184c1b421a38ebe8252f4905be2edf77018a4062351c0cbf27404feb1d25bc72fdc0478e09336e6c244b7d146094f
  • SSDEEP: 3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLv7YMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/7zQqqDvFf

Score: 10/10

Malware Config

Extracted

  • Family: netwire
  • C2: kingshakes.linkpc.net:2017

Attributes

  • activex_autorun: false
  • activex_key:
  • copy_executable: true
  • delete_original: false
  • host_id: Anjolaoluwa
  • install_path: %AppData%\Windows\windowsupdate.exe
  • keylogger_dir: %AppData%\Logs\
  • lock_executable: true
  • mutex: CSeLVtDF
  • offline_keylogger: true
  • password: Password
  • registry_autorun: true
  • startup_name: NetWire
  • use_mutex: true

Signatures

  • NetWire RAT payload 1 IoCs
  • Netwire family

Files

  • 5f88b8a047553a717d2674304233b5f3fce063f46b22b33b272a4296af2b6f20 (.exe, windows x86)
    4563c74acbd357d386b177e402b96ce4
