General
-
Target
16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718
-
Size
105KB
-
Sample
220503-ahx2badag7
-
MD5
287e090c10d97f99f599cb3b23e673a3
-
SHA1
e7548469f9878ca94394819904b5067d792db56f
-
SHA256
16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718
-
SHA512
f62236dde879ceb4c442bde71db41ba498c93054d809de612f261d7a77340ca06731d660c24a17ecf39bdc8bc3b6669561caae855f04a4d477d5feac07ec478f
Malware Config
Targets
-
-
Target
16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718
-
Size
105KB
-
MD5
287e090c10d97f99f599cb3b23e673a3
-
SHA1
e7548469f9878ca94394819904b5067d792db56f
-
SHA256
16073cff18984bb8027adf38397b92ed06e84082afab7e0f6cc20e8e09ae8718
-
SHA512
f62236dde879ceb4c442bde71db41ba498c93054d809de612f261d7a77340ca06731d660c24a17ecf39bdc8bc3b6669561caae855f04a4d477d5feac07ec478f
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-