General
-
Target
INV03483287732.exe
-
Size
776KB
-
Sample
220801-f5zrbacgfj
-
MD5
47bae5149fb9832906bf16c11296eb5e
-
SHA1
df8c1b31cfe3d63ec5252e86296bc62efceafc05
-
SHA256
f310b643bdb799627e5b28339b5f455129d61bfd4fb50bdc802b052038c7eb1a
-
SHA512
032f6363b9bf234a24105164eda3aa6b047ca9abcbf8ae7b7640087c201847cc87fa5082f8526357f0b1bbb9216ac582344c3498805aa8ab2810ca114ae0ec26
Malware Config
Extracted
netwire
149.102.132.253:3399
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
INV03483287732.exe
-
Size
776KB
-
MD5
47bae5149fb9832906bf16c11296eb5e
-
SHA1
df8c1b31cfe3d63ec5252e86296bc62efceafc05
-
SHA256
f310b643bdb799627e5b28339b5f455129d61bfd4fb50bdc802b052038c7eb1a
-
SHA512
032f6363b9bf234a24105164eda3aa6b047ca9abcbf8ae7b7640087c201847cc87fa5082f8526357f0b1bbb9216ac582344c3498805aa8ab2810ca114ae0ec26
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-