General
-
Target
3f2a653458d88060d8e2dcfde4a2b396.exe
-
Size
793KB
-
Sample
221012-e4tcgacde6
-
MD5
3f2a653458d88060d8e2dcfde4a2b396
-
SHA1
8b514d159d3aad5ed0eb8b0b5ee7db53e183738e
-
SHA256
af18d799c7288fc034106f041f1595591719fb64adebebc3f78b634229a7f83d
-
SHA512
a4be00914fe7719d7983997e211fe1869eea4a09e31fb40989bb87c325053d76908d70173154713e8fe617739c4559759f1521333646b5d9e1a53c64cb0656a1
-
SSDEEP
12288:RejUauu2iNaLrA7Ed3Oml1OktIQvRCUKPnN5CdTenWlCqjJ5nS4TU41WjZfX6SyG:Mjzuu1QSEd3OmTO8IQvRZKPNa0WrjrS
Static task
static1
Behavioral task
behavioral1
Sample
3f2a653458d88060d8e2dcfde4a2b396.exe
Resource
win7-20220901-en
Malware Config
Extracted
netwire
37.0.14.206:3384
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password234
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
3f2a653458d88060d8e2dcfde4a2b396.exe
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-