General
-
Target
ec5e55827edf95d098ae5d7731cfa6c2e43c12ff2967dba25b291c194226e815
-
Size
99KB
-
Sample
221021-x3djqsbhg3
-
MD5
205819e715877fa9f0c28f80f313b360
-
SHA1
b2172b04ff7cf85dee45218106f354d10e100cc9
-
SHA256
ec5e55827edf95d098ae5d7731cfa6c2e43c12ff2967dba25b291c194226e815
-
SHA512
87be48b3f252333c81768071eb5ed833606acd7b23dc730c810e41ad44fef8a0f00c5784acda6958c66bd6bd16a9acb355f1d15ae1400c835b68a288e3169a4c
-
SSDEEP
3072:ulwT11JOsyobBuL7OdhR5rgGuXMQ8oWfz16xO:UwxdbBuLSdlwWoWh6xO
Malware Config
Targets
-
-
Target
ec5e55827edf95d098ae5d7731cfa6c2e43c12ff2967dba25b291c194226e815
-
Size
99KB
-
MD5
205819e715877fa9f0c28f80f313b360
-
SHA1
b2172b04ff7cf85dee45218106f354d10e100cc9
-
SHA256
ec5e55827edf95d098ae5d7731cfa6c2e43c12ff2967dba25b291c194226e815
-
SHA512
87be48b3f252333c81768071eb5ed833606acd7b23dc730c810e41ad44fef8a0f00c5784acda6958c66bd6bd16a9acb355f1d15ae1400c835b68a288e3169a4c
-
SSDEEP
3072:ulwT11JOsyobBuL7OdhR5rgGuXMQ8oWfz16xO:UwxdbBuLSdlwWoWh6xO
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-