General
-
Target
56aff5f89acbf221f7e5102a768d74c707da738b0edc7d0e90c6a1f15d6c0205
-
Size
504KB
-
Sample
220725-ce6v6aacdl
-
MD5
2cdb34bbad1c2a4c0e59eed11f281dd5
-
SHA1
de053e546a00c8cb152711ff49b0e633b9f65c74
-
SHA256
56aff5f89acbf221f7e5102a768d74c707da738b0edc7d0e90c6a1f15d6c0205
-
SHA512
220bccebacfc2ed84623791843b2f15578797f8d596ac5a81244afdf08a0931552bd8060ec907f0acb671af61337b27cbc073f40c5e5b87e18c18ff795df8190
Malware Config
Extracted
netwire
178.124.140.150:8687
-
activex_autorun
true
-
activex_key
{TK1A7HT7-DQYO-67A2-ANU2-MW11C1A1UU6E}
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
windows
-
use_mutex
false
Targets
-
-
Target
56aff5f89acbf221f7e5102a768d74c707da738b0edc7d0e90c6a1f15d6c0205
-
Size
504KB
-
MD5
2cdb34bbad1c2a4c0e59eed11f281dd5
-
SHA1
de053e546a00c8cb152711ff49b0e633b9f65c74
-
SHA256
56aff5f89acbf221f7e5102a768d74c707da738b0edc7d0e90c6a1f15d6c0205
-
SHA512
220bccebacfc2ed84623791843b2f15578797f8d596ac5a81244afdf08a0931552bd8060ec907f0acb671af61337b27cbc073f40c5e5b87e18c18ff795df8190
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-