General
-
Target (SHA256)
403a92e52243258eff6eb38f03d84048e16bc7a2b265e0968a310bdc69accede
-
Size
562KB
-
Sample
220708-zdp8caaec8
-
MD5
fd238c0ed716ed40685e923bbd688312
-
SHA1
4039ff431cd19e2f8d29ffad4056375a09d11904
-
SHA256
403a92e52243258eff6eb38f03d84048e16bc7a2b265e0968a310bdc69accede
-
SHA512
319696d81f4f9acd8d19d6a5a6097ab0792691f314cdd8b5f69f6bce0969f30b77ce863bd2de97670f7a3ec8cc5cb6d5f1576ee29babef7a6c37b5b93b323014
Static task
static1
Behavioral task
behavioral1
Sample
403a92e52243258eff6eb38f03d84048e16bc7a2b265e0968a310bdc69accede.exe
Resource
win7-20220414-en
Malware Config
Extracted config — family: netwire
ahmed82.duckdns.org:31220
-
activex_autorun
true
-
activex_key
{MQ7E162C-G40B-POGC-BR10-W1R3U0M04M64}
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-Nov%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
NetWire
-
use_mutex
false
Targets
-
-
Target (SHA256)
403a92e52243258eff6eb38f03d84048e16bc7a2b265e0968a310bdc69accede
-
Size
562KB
-
MD5
fd238c0ed716ed40685e923bbd688312
-
SHA1
4039ff431cd19e2f8d29ffad4056375a09d11904
-
SHA256
403a92e52243258eff6eb38f03d84048e16bc7a2b265e0968a310bdc69accede
-
SHA512
319696d81f4f9acd8d19d6a5a6097ab0792691f314cdd8b5f69f6bce0969f30b77ce863bd2de97670f7a3ec8cc5cb6d5f1576ee29babef7a6c37b5b93b323014
-
NetWire RAT payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-