General
-
Target
4fa7679f4f0241ed1e5d63fbae526ff506dd45c350badb0cbb02f7aca61e0ad5
-
Size
1.2MB
-
Sample
221011-mzb7dsbag8
-
MD5
29b108e40acb05c3c9c2fa8c19b166e3
-
SHA1
892c676275a723822d2d47dc1a48defec8bde643
-
SHA256
4fa7679f4f0241ed1e5d63fbae526ff506dd45c350badb0cbb02f7aca61e0ad5
-
SHA512
9cee10259615c90ea51710fd119dc9c8899b8bf4363513ecbc79aa3a69351c68625f5ca5e7c521d2346a54640358eb2deba0fd6db08a7ade5d2970304ad5beb2
-
SSDEEP
24576:peW/uHyRLqHJ/wAmDZtRauPvqz6WQ5YQ9kXRGjr:peW/uSRLeJ4AmDZtPPvqzs5Y+kXRG
Malware Config
Extracted
netwire
37.0.14.206:3384
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password234
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
4fa7679f4f0241ed1e5d63fbae526ff506dd45c350badb0cbb02f7aca61e0ad5
-
Size
1.2MB
-
MD5
29b108e40acb05c3c9c2fa8c19b166e3
-
SHA1
892c676275a723822d2d47dc1a48defec8bde643
-
SHA256
4fa7679f4f0241ed1e5d63fbae526ff506dd45c350badb0cbb02f7aca61e0ad5
-
SHA512
9cee10259615c90ea51710fd119dc9c8899b8bf4363513ecbc79aa3a69351c68625f5ca5e7c521d2346a54640358eb2deba0fd6db08a7ade5d2970304ad5beb2
-
SSDEEP
24576:peW/uHyRLqHJ/wAmDZtRauPvqz6WQ5YQ9kXRGjr:peW/uSRLeJ4AmDZtPPvqzs5Y+kXRG
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-