General
-
Target
369e6cfec01912c0ef9748f97a1c7170c78245eb9a46414b08cb08b6477466b4
-
Size
467KB
-
Sample
220626-cd3r4scfhl
-
MD5
f5aa443c7bd791537abe9cdfede42c58
-
SHA1
711095847e9acb5724759027a61fc98b5d443410
-
SHA256
369e6cfec01912c0ef9748f97a1c7170c78245eb9a46414b08cb08b6477466b4
-
SHA512
11da2b9bb91d5e5261d56f851e38d63411f790c966ea776fab518c4f8fafef1313ee73d55f3a3ffd3b0bc7720c48b1b14cad3d381cd588526a625992eae817c3
Malware Config
Extracted
netwire
fingers1.ddns.net:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
369e6cfec01912c0ef9748f97a1c7170c78245eb9a46414b08cb08b6477466b4
-
Size
467KB
-
MD5
f5aa443c7bd791537abe9cdfede42c58
-
SHA1
711095847e9acb5724759027a61fc98b5d443410
-
SHA256
369e6cfec01912c0ef9748f97a1c7170c78245eb9a46414b08cb08b6477466b4
-
SHA512
11da2b9bb91d5e5261d56f851e38d63411f790c966ea776fab518c4f8fafef1313ee73d55f3a3ffd3b0bc7720c48b1b14cad3d381cd588526a625992eae817c3
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-