General
-
Target
3f3428250609d76d51a7120a1bffa2190512a7949cc12dc818c88daa9a93682b
-
Size
618KB
-
Sample
220701-ct188agagm
-
MD5
d3735d9860c7444607e5f83623ac7c25
-
SHA1
a78b387746e8c99647df20d3b65eb8754870ebed
-
SHA256
3f3428250609d76d51a7120a1bffa2190512a7949cc12dc818c88daa9a93682b
-
SHA512
20a4d48dfea25ab059bcd876a8b886ccd4395b67ece23fc38ea2e33e0c25b3ac3da766c4d4190708e5e34f065fc1f6f8e8422eddc747177d23b1db086ab79f0a
Malware Config
Extracted
netwire
185.145.45.21:89
-
activex_autorun
true
-
activex_key
{51A7CKDP-USR1-7452-A6QK-72F76U1VY4DK}
-
copy_executable
false
-
delete_original
true
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
SNVbboRF
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
Avast
-
use_mutex
true
Targets
-
-
Target
3f3428250609d76d51a7120a1bffa2190512a7949cc12dc818c88daa9a93682b
-
Size
618KB
-
MD5
d3735d9860c7444607e5f83623ac7c25
-
SHA1
a78b387746e8c99647df20d3b65eb8754870ebed
-
SHA256
3f3428250609d76d51a7120a1bffa2190512a7949cc12dc818c88daa9a93682b
-
SHA512
20a4d48dfea25ab059bcd876a8b886ccd4395b67ece23fc38ea2e33e0c25b3ac3da766c4d4190708e5e34f065fc1f6f8e8422eddc747177d23b1db086ab79f0a
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-