Extracted

• • Target

    4a6c011065678c4cbe9d8357d9eb0248b9faa5d6c5c889ccd8a6aaf750549e0e

  • Size

    1.2MB

  • MD5

    5c672bb14d0d8241b67b656fe697984d

  • SHA1

    42e72f8cac61d8c9dd9dcd5521d77d305a2dd99b

  • SHA256

    4a6c011065678c4cbe9d8357d9eb0248b9faa5d6c5c889ccd8a6aaf750549e0e

  • SHA512

    c770ea0d8b2486d9d117c029c77fd1a5c67f14ad56e83dc0252af7c49067445b40a90dd30625be1a1238262b36f1abe6600dc8f26a9dff7e3a4295632145d8a6

  Score

  10^/10

  netwirebotnetratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2