General
-
Target
8f98297f190db64c6c1bb9b85b78eca5.exe
-
Size
273KB
-
Sample
220802-wcajqaafhr
-
MD5
8f98297f190db64c6c1bb9b85b78eca5
-
SHA1
1bef5e61a3c11a8651870f3ad386f0a09f94de52
-
SHA256
3adeefdaffda88ac8183d5c4164c9ad10b63c039c72fac187a596f4fcf906c00
-
SHA512
193054828f611dc98410472d519618de039cdf33fd9611d7214d695f8328c718a7b444412e8de74ad7ab14ed922f52354dd73b3069acddea1942469062f6721b
Malware Config
Extracted
netwire
ponchikvps.ddns.net:3677
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
8f98297f190db64c6c1bb9b85b78eca5.exe
-
Size
273KB
-
MD5
8f98297f190db64c6c1bb9b85b78eca5
-
SHA1
1bef5e61a3c11a8651870f3ad386f0a09f94de52
-
SHA256
3adeefdaffda88ac8183d5c4164c9ad10b63c039c72fac187a596f4fcf906c00
-
SHA512
193054828f611dc98410472d519618de039cdf33fd9611d7214d695f8328c718a7b444412e8de74ad7ab14ed922f52354dd73b3069acddea1942469062f6721b
Score10/10-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-