General
-
Target
13a58ff5a236a3986c66784f0ea4bc2b9dba906cbaa752f1d8df9d68e46bfc2c
-
Size
178KB
-
Sample
221029-blxqdsegd2
-
MD5
0b62db064492dbaded5dd07fc9a508d0
-
SHA1
c7a8c3cb25aa63fc304cca8f30c780a0427e8e8b
-
SHA256
13a58ff5a236a3986c66784f0ea4bc2b9dba906cbaa752f1d8df9d68e46bfc2c
-
SHA512
e222eabbd621f263b6745f1498dc011d75bfd7686979fa5477b031c6546aa9df22d6e0ba93ba02de43858812e1bcf9b3d4d63f6e77e25eb4b01a2d8a949e843a
-
SSDEEP
3072:I7VNBmjq8Kmvn6rIVTYC7H2rAalUW4R6rv3p8WStxlQu2VCPwc:I7VzxYnWI6agAalr4UrPp8WStPQu285
Malware Config
Targets
-
-
Target
13a58ff5a236a3986c66784f0ea4bc2b9dba906cbaa752f1d8df9d68e46bfc2c
-
Size
178KB
-
MD5
0b62db064492dbaded5dd07fc9a508d0
-
SHA1
c7a8c3cb25aa63fc304cca8f30c780a0427e8e8b
-
SHA256
13a58ff5a236a3986c66784f0ea4bc2b9dba906cbaa752f1d8df9d68e46bfc2c
-
SHA512
e222eabbd621f263b6745f1498dc011d75bfd7686979fa5477b031c6546aa9df22d6e0ba93ba02de43858812e1bcf9b3d4d63f6e77e25eb4b01a2d8a949e843a
-
SSDEEP
3072:I7VNBmjq8Kmvn6rIVTYC7H2rAalUW4R6rv3p8WStxlQu2VCPwc:I7VzxYnWI6agAalr4UrPp8WStPQu285
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-