General
-
Target
ed653ea9035e70834c3628b8ec062da5a14d1c410bb1ae7e10e0aa486c64705e.bin
-
Size
854KB
-
Sample
220914-tapvhseeam
-
MD5
1ba22f1a866eb06ab9c55c3dd5d75166
-
SHA1
81b75cb53998183d5f70b28a2554752cf9501142
-
SHA256
ed653ea9035e70834c3628b8ec062da5a14d1c410bb1ae7e10e0aa486c64705e
-
SHA512
419f8890508f042ed5375be36927ca470fa84f549d8a3309f7d8fb543335b443da20438eb178301dd5d315621f84a808ef8554cdce9bc826b272932a16e0e7d6
-
SSDEEP
3072:6OoqL0207vxpzIzeb3b9Jb7UY9F2dpUb4+io4cCGUVTiZyD9K2881eeeeeeeeeeK:X2z8abr9plFt7Qc7UVMyD9K288
Malware Config
Extracted
netwire
pino123.serveftp.com:3004
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
Mighty$
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
password1
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
ed653ea9035e70834c3628b8ec062da5a14d1c410bb1ae7e10e0aa486c64705e.bin
-
Size
854KB
-
MD5
1ba22f1a866eb06ab9c55c3dd5d75166
-
SHA1
81b75cb53998183d5f70b28a2554752cf9501142
-
SHA256
ed653ea9035e70834c3628b8ec062da5a14d1c410bb1ae7e10e0aa486c64705e
-
SHA512
419f8890508f042ed5375be36927ca470fa84f549d8a3309f7d8fb543335b443da20438eb178301dd5d315621f84a808ef8554cdce9bc826b272932a16e0e7d6
-
SSDEEP
3072:6OoqL0207vxpzIzeb3b9Jb7UY9F2dpUb4+io4cCGUVTiZyD9K2881eeeeeeeeeeK:X2z8abr9plFt7Qc7UVMyD9K288
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Suspicious use of SetThreadContext
-