General
-
Target
SecuriteInfo.com.Trojan.Siggen18.37973.26651.27051.exe
-
Size
766KB
-
Sample
220831-s3lswsaaf9
-
MD5
dc94aba5ad25431c5c77f826fc33119a
-
SHA1
4f34c1e5b9a8def22e993a738cfe707edaaf2c8d
-
SHA256
ab35ed14f9fd4d62deeefade0e6251e78ace1014237a320bfd59b1789f707b8c
-
SHA512
c887535728327cf3fa67c6afcc1d21893d8c877bb3e4cb1161881e7ec5abccfc6b30b71a8319804ae614c422500248750fa0f5d2908330787d91a5a08d8b601a
-
SSDEEP
12288:xfXGrdqi4lylSx1XiQkg3uiTOpFLqGU33Xd1OeqwdVZtP9c7qXaoR55KFeF80:xuGGgXY1qnXbOeqaVLjXaoR5ED
Malware Config
Extracted
netwire
37.0.14.206:3384
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
offline_keylogger
true
-
password
Password234
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SecuriteInfo.com.Trojan.Siggen18.37973.26651.27051.exe
-
Size
766KB
-
MD5
dc94aba5ad25431c5c77f826fc33119a
-
SHA1
4f34c1e5b9a8def22e993a738cfe707edaaf2c8d
-
SHA256
ab35ed14f9fd4d62deeefade0e6251e78ace1014237a320bfd59b1789f707b8c
-
SHA512
c887535728327cf3fa67c6afcc1d21893d8c877bb3e4cb1161881e7ec5abccfc6b30b71a8319804ae614c422500248750fa0f5d2908330787d91a5a08d8b601a
-
SSDEEP
12288:xfXGrdqi4lylSx1XiQkg3uiTOpFLqGU33Xd1OeqwdVZtP9c7qXaoR55KFeF80:xuGGgXY1qnXbOeqaVLjXaoR5ED
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-