General
-
Target
ae1f2914d61d01d927899c62c72a62590ce08baa18a78a1e56bd9dfdda634f3f
-
Size
604KB
-
Sample
220725-dgsxracbbr
-
MD5
06c5d04214063a365e85aba8a7d1a5ca
-
SHA1
cbdf52430e8c7479e12071ee1349008353eee433
-
SHA256
ae1f2914d61d01d927899c62c72a62590ce08baa18a78a1e56bd9dfdda634f3f
-
SHA512
68b49fd290a4ce1215a44045528c13fca56bf82dc99d674b25ab7218b07ece7f921c31bd9b4040aab194c24d24ae3db072b2de6e3d03e6cc6f5ea146fe948097
Malware Config
Extracted
netwire
79.134.225.120:8765
-
activex_autorun
true
-
activex_key
{7XOS4W0K-H4LE-56X7-UJ07-L110BJ4GFYE8}
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
win01
-
use_mutex
false
Targets
-
-
Target
ae1f2914d61d01d927899c62c72a62590ce08baa18a78a1e56bd9dfdda634f3f
-
Size
604KB
-
MD5
06c5d04214063a365e85aba8a7d1a5ca
-
SHA1
cbdf52430e8c7479e12071ee1349008353eee433
-
SHA256
ae1f2914d61d01d927899c62c72a62590ce08baa18a78a1e56bd9dfdda634f3f
-
SHA512
68b49fd290a4ce1215a44045528c13fca56bf82dc99d674b25ab7218b07ece7f921c31bd9b4040aab194c24d24ae3db072b2de6e3d03e6cc6f5ea146fe948097
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-