General
-
Target
dde1d2bff5076a07a34a3d079eb42603.exe
-
Size
720KB
-
Sample
220901-lg175abefm
-
MD5
dde1d2bff5076a07a34a3d079eb42603
-
SHA1
5255caf6bc8aa67a7b5c22fbe15b1dff34155905
-
SHA256
5c49bfd97ea20083080e81c025dbbc5bafdeadf692de79cba059442a2c0bf8b6
-
SHA512
53ffed18d0f2a6efdb567d60ef6cd81189bd319cfb6cd0929d603914b7c00674b75c793e92311d6bc9e14116cf5814a3e0e3805a52f95ad3fabc8e947684be05
-
SSDEEP
12288:UbpM2Tgxl6b6JBAdDz7/VFbxJxBsIfL+3wFtmTAnPmJDOLxAyIFmki9bF3:UbfggDDb7xFK3w9nPm5Zk3
Malware Config
Extracted
netwire
212.193.30.230:4000
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
Okonkwo
-
lock_executable
true
-
mutex
ltpFhccL
-
offline_keylogger
false
-
password
4QR5EtvOH9
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
dde1d2bff5076a07a34a3d079eb42603.exe
-
Size
720KB
-
MD5
dde1d2bff5076a07a34a3d079eb42603
-
SHA1
5255caf6bc8aa67a7b5c22fbe15b1dff34155905
-
SHA256
5c49bfd97ea20083080e81c025dbbc5bafdeadf692de79cba059442a2c0bf8b6
-
SHA512
53ffed18d0f2a6efdb567d60ef6cd81189bd319cfb6cd0929d603914b7c00674b75c793e92311d6bc9e14116cf5814a3e0e3805a52f95ad3fabc8e947684be05
-
SSDEEP
12288:UbpM2Tgxl6b6JBAdDz7/VFbxJxBsIfL+3wFtmTAnPmJDOLxAyIFmki9bF3:UbfggDDb7xFK3w9nPm5Zk3
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-