General
-
Target
b2ce1a55a4d829224862ad9d27025343ccc882bf1709520c703a99b3955868a9
-
Size
340KB
-
Sample
221019-qvq2jaaebr
-
MD5
91e6944aad1a3767e2e3e18a01910950
-
SHA1
0eb4cd38f8663fe7ca5fafdc778041fe62ef42cc
-
SHA256
b2ce1a55a4d829224862ad9d27025343ccc882bf1709520c703a99b3955868a9
-
SHA512
7f7d75292b37dc46d1c184605125ee5ce75246f8508f0a75e6f942494bf5dd86e2585a20ceaf34999e48f329bb49e1beeedb2b302abcb3cb84c1441b821383cf
-
SSDEEP
6144:7phs/DuvJ/3vrx4bsk3LzHx3fXYrhypfFpvNlx077eVCKxaaw0sRHXHfm:dhOKh/rWzbzZQrA1L5s0COzsRXf
Malware Config
Targets
-
-
Target
b2ce1a55a4d829224862ad9d27025343ccc882bf1709520c703a99b3955868a9
-
Size
340KB
-
MD5
91e6944aad1a3767e2e3e18a01910950
-
SHA1
0eb4cd38f8663fe7ca5fafdc778041fe62ef42cc
-
SHA256
b2ce1a55a4d829224862ad9d27025343ccc882bf1709520c703a99b3955868a9
-
SHA512
7f7d75292b37dc46d1c184605125ee5ce75246f8508f0a75e6f942494bf5dd86e2585a20ceaf34999e48f329bb49e1beeedb2b302abcb3cb84c1441b821383cf
-
SSDEEP
6144:7phs/DuvJ/3vrx4bsk3LzHx3fXYrhypfFpvNlx077eVCKxaaw0sRHXHfm:dhOKh/rWzbzZQrA1L5s0COzsRXf
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-