General
-
Target
ced88fb1788e14d1b2169e8785e45dec1bceb637bc0bd70ce94fa662c9b9cf3a
-
Size
764KB
-
Sample
220724-vxlbaaccg5
-
MD5
85692723f764dbd2128dcdeeec73feb7
-
SHA1
c2512457a9e75d12061b3d9bdfc2cf3ed312f6c9
-
SHA256
ced88fb1788e14d1b2169e8785e45dec1bceb637bc0bd70ce94fa662c9b9cf3a
-
SHA512
b0e3b4fb277ff7b3db92f0508a16b26b9e4bd2c9fcc00049ef67a6e1a31af6395b981233c1293adc32424bf06015046134bd386b5b52a23dd4b045c5394e7634
Malware Config
Targets
-
-
Target
ced88fb1788e14d1b2169e8785e45dec1bceb637bc0bd70ce94fa662c9b9cf3a
-
Size
764KB
-
MD5
85692723f764dbd2128dcdeeec73feb7
-
SHA1
c2512457a9e75d12061b3d9bdfc2cf3ed312f6c9
-
SHA256
ced88fb1788e14d1b2169e8785e45dec1bceb637bc0bd70ce94fa662c9b9cf3a
-
SHA512
b0e3b4fb277ff7b3db92f0508a16b26b9e4bd2c9fcc00049ef67a6e1a31af6395b981233c1293adc32424bf06015046134bd386b5b52a23dd4b045c5394e7634
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-