General
-
Target
a49fda4699079ae9f0f5a851570154a8ca0b7c08280b41928844ca3261de8133
-
Size
801KB
-
Sample
220724-v5jsescfg3
-
MD5
7d6c9c0b234b1291cd37cbde1e6a9218
-
SHA1
0effecffd257c7dd149a50da851a6cc0f459bb52
-
SHA256
a49fda4699079ae9f0f5a851570154a8ca0b7c08280b41928844ca3261de8133
-
SHA512
14b1ed17c9a8e13c7e53bf62cf9053780251a045c343e76bac9e02ccbc30c3f4c5717d127a7cb1b20e998f695892c556335f33a8a310585b1a490c9dfc9ec3a4
Malware Config
Targets
-
-
Target
a49fda4699079ae9f0f5a851570154a8ca0b7c08280b41928844ca3261de8133
-
Size
801KB
-
MD5
7d6c9c0b234b1291cd37cbde1e6a9218
-
SHA1
0effecffd257c7dd149a50da851a6cc0f459bb52
-
SHA256
a49fda4699079ae9f0f5a851570154a8ca0b7c08280b41928844ca3261de8133
-
SHA512
14b1ed17c9a8e13c7e53bf62cf9053780251a045c343e76bac9e02ccbc30c3f4c5717d127a7cb1b20e998f695892c556335f33a8a310585b1a490c9dfc9ec3a4
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-