General
-
Target
345049ac125439890dfd44dc7451de56bcbdebb18230f0facf1858574ffa6c9f
-
Size
334KB
-
Sample
220725-fmy23afggl
-
MD5
d6e7b054d5d6fe1a95bc2ffe79cec555
-
SHA1
becb9f6c35b5e3028cf601b1af77630cb8f94005
-
SHA256
345049ac125439890dfd44dc7451de56bcbdebb18230f0facf1858574ffa6c9f
-
SHA512
a63a7ab033fdf7faa196ab652c304ab3c2fa47215e800aa46282b2623ba87c4aac58f8478e06d14d77e693c37015c2b2a3a2502dec67d35f4bc6af668477a5af
Malware Config
Targets
-
-
Target
345049ac125439890dfd44dc7451de56bcbdebb18230f0facf1858574ffa6c9f
-
Size
334KB
-
MD5
d6e7b054d5d6fe1a95bc2ffe79cec555
-
SHA1
becb9f6c35b5e3028cf601b1af77630cb8f94005
-
SHA256
345049ac125439890dfd44dc7451de56bcbdebb18230f0facf1858574ffa6c9f
-
SHA512
a63a7ab033fdf7faa196ab652c304ab3c2fa47215e800aa46282b2623ba87c4aac58f8478e06d14d77e693c37015c2b2a3a2502dec67d35f4bc6af668477a5af
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-