General
-
Target
1f713a60d7e4ef5df7e03ca7f234b2e667a75174cb4ea93b5e660ac8b95f04eb
-
Size
601KB
-
Sample
220829-ftrlkadcb3
-
MD5
45f82dff24280cccc9774b376f510e76
-
SHA1
3ba15ca46399bd89a5cbc495eca707fe73d8161a
-
SHA256
1f713a60d7e4ef5df7e03ca7f234b2e667a75174cb4ea93b5e660ac8b95f04eb
-
SHA512
0fe77d88b0b3c36efc4e8e7c53e7696966e6dbca9d376df054f00e283e115accedfdb968364f0aed1835babee49a704b1d62a1621c03900990e50e7557f0574d
-
SSDEEP
12288:ZGSutAqBePSVM+qryqETBtFBp0gDfYEWhOM95p414sy:ZGSuAqBZZqyqEvFk2YE2OM9fK4s
Malware Config
Extracted
netwire
sani990.duckdns.org:5631
admin96.hopto.org:5631
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
THE SAINT
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
hPSXRboY
-
offline_keylogger
true
-
password
teamoluwa1
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
1f713a60d7e4ef5df7e03ca7f234b2e667a75174cb4ea93b5e660ac8b95f04eb
-
Size
601KB
-
MD5
45f82dff24280cccc9774b376f510e76
-
SHA1
3ba15ca46399bd89a5cbc495eca707fe73d8161a
-
SHA256
1f713a60d7e4ef5df7e03ca7f234b2e667a75174cb4ea93b5e660ac8b95f04eb
-
SHA512
0fe77d88b0b3c36efc4e8e7c53e7696966e6dbca9d376df054f00e283e115accedfdb968364f0aed1835babee49a704b1d62a1621c03900990e50e7557f0574d
-
SSDEEP
12288:ZGSutAqBePSVM+qryqETBtFBp0gDfYEWhOM95p414sy:ZGSuAqBZZqyqEvFk2YE2OM9fK4s
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of SetThreadContext
-