General
-
Target
5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939
-
Size
1.1MB
-
Sample
220724-shcpgsgddj
-
MD5
a166cf965631b35753a21c0753ba6636
-
SHA1
8bbe0fd326a908e8cef75cb1cfdaf23e7c60bc46
-
SHA256
5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939
-
SHA512
a6626353c1335fc894c1a345176eeb779f161b20832fb2ba75a04fc66672127289a1dba407c7ea45d9b4bab0030dbeb5f18d888dd5a2da1f7ffeedc15adcbeb1
Malware Config
Extracted
netwire
95.167.151.235:8973
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939
-
Size
1.1MB
-
MD5
a166cf965631b35753a21c0753ba6636
-
SHA1
8bbe0fd326a908e8cef75cb1cfdaf23e7c60bc46
-
SHA256
5eed016d16ed7abb1ee84e19da014d366e2de316a8e938dc318c22fa33ae1939
-
SHA512
a6626353c1335fc894c1a345176eeb779f161b20832fb2ba75a04fc66672127289a1dba407c7ea45d9b4bab0030dbeb5f18d888dd5a2da1f7ffeedc15adcbeb1
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-