General
-
Target
92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094
-
Size
411KB
-
Sample
221024-fzwgpseger
-
MD5
21c579b4b2f5d7dc12ac93af214460e6
-
SHA1
6a7744f745ecbe8004b2aead017dc50d2d0fea71
-
SHA256
92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094
-
SHA512
1450c32a8e43aff9603347e55da02c67a8bfda0249fd18dc1d93195ad81e1bca635273ae3391c4e29544c212335d949c4494b00a9d4311da4dbb7812b60354b7
-
SSDEEP
6144:NVR1yKvclnBPohH3+Cg9UJUwiXf8ntCOtBopHNdHo8iwvzV6Lt4Wf15SziehTutZ:NVRk+/ZgaJUzXWopPFA4WffJQymuW4J
Malware Config
Targets
-
-
Target
92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094
-
Size
411KB
-
MD5
21c579b4b2f5d7dc12ac93af214460e6
-
SHA1
6a7744f745ecbe8004b2aead017dc50d2d0fea71
-
SHA256
92a4f8f51572711df0bd62c7728eab1465b38359ac741f67bc62e4d8ddc38094
-
SHA512
1450c32a8e43aff9603347e55da02c67a8bfda0249fd18dc1d93195ad81e1bca635273ae3391c4e29544c212335d949c4494b00a9d4311da4dbb7812b60354b7
-
SSDEEP
6144:NVR1yKvclnBPohH3+Cg9UJUwiXf8ntCOtBopHNdHo8iwvzV6Lt4Wf15SziehTutZ:NVRk+/ZgaJUzXWopPFA4WffJQymuW4J
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-