General
-
Target
dafb646a7948bda63b6e179079b61be12ba850a671d6599f4ddc0a3d9856f38a
-
Size
634KB
-
Sample
221022-r383radhdn
-
MD5
2bdcb5958fee4871f0b780fadc34e0a8
-
SHA1
8d2071387c8de8081479153b331c5d34d6cf6d0d
-
SHA256
dafb646a7948bda63b6e179079b61be12ba850a671d6599f4ddc0a3d9856f38a
-
SHA512
cf75975843837fbe961b4485d9c5efb45d7a71a3d1e2980c1975782e6aad7bf10ff0db7cf637e443d19f585906ff6062955ff6ba38ddbec0de178dd4d0a63436
-
SSDEEP
6144:ecCmiQfipBKWzkeHrb08rTj6aBpSYdS1wjzcoeqqD97mmAxCofOTyAHoDK3E/WIx:ecXiQfipPrb08rTj6+pGWqAxwDqx
Malware Config
Extracted
netwire
sex.gravitynet.lol:69
imgay.komarupics.cam:696
-
activex_autorun
false
-
activex_key
{3L23H1WC-44VT-8C27-UFKB-4BWL52C45O6Y}
-
copy_executable
false
-
delete_original
false
-
host_id
RaptureV2
-
install_path
%AppData%\Chromium\mng.exe
-
keylogger_dir
JSCMNG.lnk
-
lock_executable
false
-
mutex
Revolt
-
offline_keylogger
false
-
password
IzumiTop
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
dafb646a7948bda63b6e179079b61be12ba850a671d6599f4ddc0a3d9856f38a
-
Size
634KB
-
MD5
2bdcb5958fee4871f0b780fadc34e0a8
-
SHA1
8d2071387c8de8081479153b331c5d34d6cf6d0d
-
SHA256
dafb646a7948bda63b6e179079b61be12ba850a671d6599f4ddc0a3d9856f38a
-
SHA512
cf75975843837fbe961b4485d9c5efb45d7a71a3d1e2980c1975782e6aad7bf10ff0db7cf637e443d19f585906ff6062955ff6ba38ddbec0de178dd4d0a63436
-
SSDEEP
6144:ecCmiQfipBKWzkeHrb08rTj6aBpSYdS1wjzcoeqqD97mmAxCofOTyAHoDK3E/WIx:ecXiQfipPrb08rTj6+pGWqAxwDqx
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-