General
- Target: 5e065fed8f698980d2d3a7733cb5a966.exe
- Size: 824KB
- Sample: 221013-n2al1scffj
- MD5: 5e065fed8f698980d2d3a7733cb5a966
- SHA1: 5fbfecc629b5ab240aa50a78bc709625366f2a0f
- SHA256: 71e65562e00447d697f996d69ffc7798d96cf2b4799f27a298ce710730802428
- SHA512: 98280965921030d14b8c8cf421351f1f50522f092f8986d6d4717fdd588ddbf98d0230122f5d843c6a1d5322d7e82e51c9a7cb0c7e48932bcf0a9b38663ee3d4
- SSDEEP: 12288:Ip/c1dUEmaiIYQmWrT7vhS8EaRvULdPaV1SSe8FBCSU3Qj:z1GEmaiIYQn3zM7rN8OD3
Static task: static1
Behavioral task: behavioral1
- Sample: 5e065fed8f698980d2d3a7733cb5a966.exe
- Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3363
212.193.30.230:3362
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- offline_keylogger: true
- password: Cantbeme@1
- registry_autorun: false
- use_mutex: false
Targets
- Target: 5e065fed8f698980d2d3a7733cb5a966.exe
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext