General
-
Target
27e8103629b7e24e47e592b8c32708e491f013b06ca2ffaf6b042479a93b4cc5
-
Size
734KB
-
Sample
221001-zakhpaffak
-
MD5
764f2688a266ba3cab3a77dc7de911d0
-
SHA1
aabb78ced12f42e5e67d681ad0fcf26ae58b1e5d
-
SHA256
27e8103629b7e24e47e592b8c32708e491f013b06ca2ffaf6b042479a93b4cc5
-
SHA512
27f8bb9039d7c67af8dcc19f7b1ae5a7601e217a381683a4380ca97baa94bf1009d9a14dcd50e964edac6599c616a3666f1900a98b4af2a9e4b7ca496c93bc73
-
SSDEEP
12288:a8kBtlz25iIItGL94PiseTRp/3/6pVKw86hc/80c0eodG:17mGRrvQVK+hc/LpG
Static task
static1
Behavioral task
behavioral1
Sample
27e8103629b7e24e47e592b8c32708e491f013b06ca2ffaf6b042479a93b4cc5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
27e8103629b7e24e47e592b8c32708e491f013b06ca2ffaf6b042479a93b4cc5.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
27e8103629b7e24e47e592b8c32708e491f013b06ca2ffaf6b042479a93b4cc5
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-