General
-
Target
3b5022e5f15adc50acf9a0b488f679036d3e217665b91c39ecc255155eefd118
-
Size
497KB
-
Sample
220703-veqs2sbdc4
-
MD5
12f2b491a4084a24a4fe32eab784bfa8
-
SHA1
ef0355acefd76982503a0280c8474650413c4561
-
SHA256
3b5022e5f15adc50acf9a0b488f679036d3e217665b91c39ecc255155eefd118
-
SHA512
68c2effc11df1ecb8166db53e847f591442ddc167bf270fc9fd87eacc0c6a10dce8c1639b48e9ffebf25bc58d297d4ab97d42530a762aa1a14eb78aaa8d18ebe
Malware Config
Targets
-
-
Target
3b5022e5f15adc50acf9a0b488f679036d3e217665b91c39ecc255155eefd118
-
Size
497KB
-
MD5
12f2b491a4084a24a4fe32eab784bfa8
-
SHA1
ef0355acefd76982503a0280c8474650413c4561
-
SHA256
3b5022e5f15adc50acf9a0b488f679036d3e217665b91c39ecc255155eefd118
-
SHA512
68c2effc11df1ecb8166db53e847f591442ddc167bf270fc9fd87eacc0c6a10dce8c1639b48e9ffebf25bc58d297d4ab97d42530a762aa1a14eb78aaa8d18ebe
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-