General
Target: payment confirmation.exe
Size: 1.0MB
Sample: 221006-k8f6lahbal
MD5: e25d9a7242d86c27e2c6221061d4f4f2
SHA1: 448bc5bdf1f2d763aba2fbee233605f29ac14a40
SHA256: e8ee8827402f5843e0b4f5ff6640f1efabbc90217904998f89b308379783bc49
SHA512: 2bc0e95a9e581544878fd7ae6b0f4552184846cac94a8c9e09e38c6a798029bb15b7338cbd97bcd3a6c92bd976c5369a7d1c9582f48c6608af1b525f2d123a57
SSDEEP: 12288:BxzD41eG9VpJqrHD6f2fD9hmzinJxFT5jFPHRTZkOWZkQ4JR:BK1eCpJqra2fD96izF5TZk9kQ4
Static task: static1
Behavioral task: behavioral1
Sample: payment confirmation.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
185.136.165.182:3362
activex_autorun: false
copy_executable: false
delete_original: false
host_id: Money_Man
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: payment confirmation.exe
NetWire RAT payload
-
Suspicious use of SetThreadContext
-