General
Target: 5b010f3d81b0e6cd34af27a73b183b0980112fc31f03b2a3192cc34f5e90341b
Size: 128KB
Sample: 220802-btl9maefhn
MD5: 741148fc8532265614a22308f2bb8057
SHA1: c6923ae06a24a0acda890eccfa91fc298a3e08a6
SHA256: 5b010f3d81b0e6cd34af27a73b183b0980112fc31f03b2a3192cc34f5e90341b
SHA512: b3cd30cf6077469eb21678ed235d7ddafadac6d8cd5256764cbf1513e29f00e8535bc45534205ded4daeeb144da72f8778e755282b9845732058a6a1e0ed94f0
Static task: static1
Behavioral task: behavioral1
Sample: 5b010f3d81b0e6cd34af27a73b183b0980112fc31f03b2a3192cc34f5e90341b.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 5b010f3d81b0e6cd34af27a73b183b0980112fc31f03b2a3192cc34f5e90341b.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Target: 5b010f3d81b0e6cd34af27a73b183b0980112fc31f03b2a3192cc34f5e90341b
Score: 10/10
NetWire RAT payload
Executes dropped EXE
Modifies Installed Components in the registry
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext