General
-
Target
464090c0450eb10c9fe81bbbba947a19454c0bce7ef6652ad8c4935b70ffc91e
-
Size
200KB
-
Sample
220707-la9wpacge9
-
MD5
beb3ac9d7ab382c17db324f67d1fb1dc
-
SHA1
07f8cbd1c5e5d534436d6ca8e1f8da9bb6625c8a
-
SHA256
464090c0450eb10c9fe81bbbba947a19454c0bce7ef6652ad8c4935b70ffc91e
-
SHA512
218b874d9f7a5569889da7500af3651e25427b6a922db24b02f913410ecd6301f47d884c20ac3f300c6e5c03bd8a8c182a4acf96a99d93c44e4f27a869078007
Malware Config
Extracted
netwire
extensions14718.sytes.net:3324
extensions14718sec.sytes.net:3324
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
YbcwLUQv
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
464090c0450eb10c9fe81bbbba947a19454c0bce7ef6652ad8c4935b70ffc91e
-
Size
200KB
-
MD5
beb3ac9d7ab382c17db324f67d1fb1dc
-
SHA1
07f8cbd1c5e5d534436d6ca8e1f8da9bb6625c8a
-
SHA256
464090c0450eb10c9fe81bbbba947a19454c0bce7ef6652ad8c4935b70ffc91e
-
SHA512
218b874d9f7a5569889da7500af3651e25427b6a922db24b02f913410ecd6301f47d884c20ac3f300c6e5c03bd8a8c182a4acf96a99d93c44e4f27a869078007
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-