General
-
Target
b57ed5956f300093ccca133cf806845cfaf4e11c067188cde5dd484be77a26c3
-
Size
1.1MB
-
Sample
221013-bqs8rsabhj
-
MD5
27894c3876db96d4beb862daaae52e07
-
SHA1
6baa94cb18f135f03b7ae3fcbb80c600d44fdfd0
-
SHA256
b57ed5956f300093ccca133cf806845cfaf4e11c067188cde5dd484be77a26c3
-
SHA512
7caadfcbddabb5629dc765d4c94ab91866d01a10b8081c51de8a12e053a6eea9c71bd7b86ea74de5804c88993d64cf2537efc46e6650cf9c4a98502218fb616f
-
SSDEEP
24576:3L4LJNZ2RWEmmd9JKgmus+BUSB15OwP4:ELJNemmi+rK
Static task
static1
Behavioral task
behavioral1
Sample
b57ed5956f300093ccca133cf806845cfaf4e11c067188cde5dd484be77a26c3.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@9
-
registry_autorun
false
-
use_mutex
false
Targets
-
Target
b57ed5956f300093ccca133cf806845cfaf4e11c067188cde5dd484be77a26c3
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-