General
Target: 4f6b90f9d4b48278766883d445a0e5f8e6ac7b26c89e4788d89ff0a651e89a3e
Size: 516KB
Sample: 220720-cj79sababl
MD5: a746793b906c5355212819c537d95d4a
SHA1: b15cb2d0cb40f036f687fdabddeb54cd31c112e4
SHA256: 4f6b90f9d4b48278766883d445a0e5f8e6ac7b26c89e4788d89ff0a651e89a3e
SHA512: 0df708298b080413d39737686b89233d2c21262bbce001884cbf0f4dcd449931d1635f70e5c188c14e49ec687c59a3337d7916ee5cd76617b225e39d975a515f
Static task: static1
Behavioral task: behavioral1
Sample: 4f6b90f9d4b48278766883d445a0e5f8e6ac7b26c89e4788d89ff0a651e89a3e.exe
Resource: win7-20220718-en
Malware Config
Extracted
netwire
185.165.153.135:9539
activex_autorun: false
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
NetWire RAT payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext