General
-
Target
407c9d38f87a36ff78212df9ad63ba3bc67e0232efdb7977440515633b772010
-
Size
347KB
-
Sample
220708-vatddaafdj
-
MD5
6b20559ddfc38ecaff9a92ef76d7f5d6
-
SHA1
d4658c9a119729e8b24cfe4c042dbee2760a1c7e
-
SHA256
407c9d38f87a36ff78212df9ad63ba3bc67e0232efdb7977440515633b772010
-
SHA512
58013ac1c2d71acc63d0b2534e271b508093c17892732c0661f8118e808e036c05f51d0d79b72f01cfcd5a8838a957da5b15271bfca7b9f5806dcfd7480b63d3
Static task
static1
Behavioral task
behavioral1
Sample
407c9d38f87a36ff78212df9ad63ba3bc67e0232efdb7977440515633b772010.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
407c9d38f87a36ff78212df9ad63ba3bc67e0232efdb7977440515633b772010.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
netwire
info1.nowddns.com:5552
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
SMS-Providers
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
caster
-
registry_autorun
false
-
use_mutex
false
Targets
-
Target
407c9d38f87a36ff78212df9ad63ba3bc67e0232efdb7977440515633b772010
-
Score
10/10
-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-