General
-
Target
5683c67bace862ceec5ecee12100ff01374445e2b5b1c2896dbb593cfc5e87cb
-
Size
580KB
-
Sample
220701-dq98dshfhm
-
MD5
2024f8a7ec2df07582ad0f2e982ddcdb
-
SHA1
d5ba5fb8e0be66cf77ef368179d5c21f790ca911
-
SHA256
5683c67bace862ceec5ecee12100ff01374445e2b5b1c2896dbb593cfc5e87cb
-
SHA512
e14384b4f038ed34d7ca540382ac07a77df08cb865077e432f00a0d9a93152bb7264c476f1e33f3a95d75973d9c78c8a4ed167cc9ce10f8e82adf5b95d077c36
Malware Config
Extracted
netwire
79.134.225.120:8765
-
activex_autorun
true
-
activex_key
{L501JP3X-C6PC-RH36-475X-RS2C2OQHHGS0}
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
windows
-
use_mutex
false
Targets
-
-
Target
5683c67bace862ceec5ecee12100ff01374445e2b5b1c2896dbb593cfc5e87cb
-
Size
580KB
-
MD5
2024f8a7ec2df07582ad0f2e982ddcdb
-
SHA1
d5ba5fb8e0be66cf77ef368179d5c21f790ca911
-
SHA256
5683c67bace862ceec5ecee12100ff01374445e2b5b1c2896dbb593cfc5e87cb
-
SHA512
e14384b4f038ed34d7ca540382ac07a77df08cb865077e432f00a0d9a93152bb7264c476f1e33f3a95d75973d9c78c8a4ed167cc9ce10f8e82adf5b95d077c36
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-