General
-
Target
2a73e8f413acfcd05a38ac515320430dbb7c99aaa7d4fdf8ae3dd1f59050074c
-
Size
202KB
-
Sample
220217-gjedxshfe9
-
MD5
af0a1ec77e72432f8bf74ecb21a384a8
-
SHA1
c0831ccc145a8c3e7a361faf9a573b9773ca5354
-
SHA256
2a73e8f413acfcd05a38ac515320430dbb7c99aaa7d4fdf8ae3dd1f59050074c
-
SHA512
29ef37b7e7332eb7536f346c88a602bd71fae382914710886e85d496f33ad6466be0bc9b7a71b5215cd51a3cefdfea17592fe8bb5eadc103bc7c43ad676724ab
Malware Config
Extracted
netwire
23.105.131.142:3368
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
Love1234
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
2a73e8f413acfcd05a38ac515320430dbb7c99aaa7d4fdf8ae3dd1f59050074c
-
Size
202KB
-
MD5
af0a1ec77e72432f8bf74ecb21a384a8
-
SHA1
c0831ccc145a8c3e7a361faf9a573b9773ca5354
-
SHA256
2a73e8f413acfcd05a38ac515320430dbb7c99aaa7d4fdf8ae3dd1f59050074c
-
SHA512
29ef37b7e7332eb7536f346c88a602bd71fae382914710886e85d496f33ad6466be0bc9b7a71b5215cd51a3cefdfea17592fe8bb5eadc103bc7c43ad676724ab
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-