3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed
General
Target
Size
Sample
3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed
1MB
220521-dm8kdsgaa6
Score
10 /10
MD5
SHA1
SHA256
SHA512
085bf5edaa4f6ff34cd0bc143269395d
a0760f24f47f0dcf3de907678afb64153f43e2af
3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed
ae4f6344e6c4c84f83c80d9ec99e72d22d2853c51460df1402514839f8e272225fb8ab62f5bef4efa39652776155fd66d75b8c274243de6da70bbb3fd8ac99aa
Malware Config
Extracted
| Family | netwire |
| C2 |
winx.xcapdatap.capetown:7390 |
| Attributes |
activex_autorun false
activex_key
copy_executable false
delete_original false
host_id Jagz_$$$
install_path
keylogger_dir %AppData%\Logs\
lock_executable false
mutex
offline_keylogger true
password P@55w0rd!
registry_autorun false
startup_name
use_mutex false |
Targets
Target
MD5
Filesize
FADEX_16.EXE
33a4cfe431ca51de83e78a58a0ba4631
291KB
Score
10/10
SHA1
SHA256
SHA512
ce870eae750f10ec50dcfba2850ba3e0b7d50be8
f24e45d41404cdbd5b3e88ef39f6b047d062ade5cb3bddbe2ad40d5331e27210
fb1569a7bdc839875024c8cf29d41f8166b346b3b512a806e6f40af697a3c3cb95526caabf1431ad22fcbe284bde177cd837a87db1decce87cb1316cf9f044a3
Tags
Signatures
-
NetWire RAT payload
-
Netwire
Description
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Tags
-
ReZer0 packer
Description
Detects ReZer0, a packer with multiple versions used in various campaigns.
Tags
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks