General
-
Target
5a1b603dc55ec81aff0cfa9f7081e8c94685a664e21b2f80897f045456140c8c
-
Size
273KB
-
Sample
220828-x4j3xaegb5
-
MD5
c008143a1923b994fcd49f6570096322
-
SHA1
c083f825337f7ca0bf7e26e4c36398b61091d71f
-
SHA256
5a1b603dc55ec81aff0cfa9f7081e8c94685a664e21b2f80897f045456140c8c
-
SHA512
54021afa98c6bccb5a68e6e41495ed6066e70fb91a583e3f52643cf7b12af533bdaa707239dfde5ff2e43a61a99d2d0de520b62c825909a2f335aff85b6a0945
-
SSDEEP
6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8XCA8B:elnot4+UwLDiT6OzR8llAgqV3B
Malware Config
Extracted
netwire
gds099.mooo.com:5550
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\MShost.exe
-
keylogger_dir
MShost.lnk
-
lock_executable
false
-
mutex
OtuMUNDs
-
offline_keylogger
false
-
password
Zaq1Xsw2**
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
5a1b603dc55ec81aff0cfa9f7081e8c94685a664e21b2f80897f045456140c8c
-
Size
273KB
-
MD5
c008143a1923b994fcd49f6570096322
-
SHA1
c083f825337f7ca0bf7e26e4c36398b61091d71f
-
SHA256
5a1b603dc55ec81aff0cfa9f7081e8c94685a664e21b2f80897f045456140c8c
-
SHA512
54021afa98c6bccb5a68e6e41495ed6066e70fb91a583e3f52643cf7b12af533bdaa707239dfde5ff2e43a61a99d2d0de520b62c825909a2f335aff85b6a0945
-
SSDEEP
6144:ebhnot4+sbOAtbkfHLDiT6OzR8Q0l+/NyqRKbhoXqqD8XCA8B:elnot4+UwLDiT6OzR8llAgqV3B
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Deletes itself
-
Drops startup file
-