General
Target: a545418278552272088bed5bf35de454921197600a7ae93e21d1ceb5773d8cdb.exe
Size: 972KB
Sample: 221010-prrm8abge2
MD5: ba8b159444a741323d99faae8a2ca6c4
SHA1: 69c71968e3c9211dd2fd57fd3d20cf3abcc27b6f
SHA256: a545418278552272088bed5bf35de454921197600a7ae93e21d1ceb5773d8cdb
SHA512: 0c300b33aed1654d7467fdc7eda60dccf18e9eff5f8220947a874a06a8d8d1d1c0dd1b9a9ca91e2814546cc3a49fc651ea40fec84e8da8ee1ffa71d4cba524b0
SSDEEP: 12288:74sW6mALpJFD/+/DtfpcBs0NOJLM2WIhbKzv1YXqjJ5nsLQFIBXbwBzvW/jcuNue:74r6jLD/MhRiNOJdWV1YajrsLaw
Static task: static1
Behavioral task: behavioral1
Sample: a545418278552272088bed5bf35de454921197600a7ae93e21d1ceb5773d8cdb.exe
Resource: win7-20220812-en
Malware Config
Extracted: netwire
194.5.98.194:3384
194.5.98.194:3387
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: goodnews1234
registry_autorun: false
use_mutex: false
Targets
Target: a545418278552272088bed5bf35de454921197600a7ae93e21d1ceb5773d8cdb.exe
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry; likely a geofence check.
- Suspicious use of SetThreadContext