General
-
Target
cad97949b3cca805ba215c68f27ee45a5b7d3ac74211efef74009f0ca410f102
-
Size
910KB
-
Sample
221029-sdfwcacdck
-
MD5
780f4b05765826b553af7fd7c81e9cab
-
SHA1
49d415b6844438a0de735e53ec118ae64408466b
-
SHA256
cad97949b3cca805ba215c68f27ee45a5b7d3ac74211efef74009f0ca410f102
-
SHA512
8f54ea5bb70216cf2a60a3e54c624111cdac82ba1dee8a2cb3a8e8fedfd9a084b939079cbda12852b7c5a4d77a9bf7aae03241f0bbc6b4657d94e7a0fe8c7224
-
SSDEEP
12288:eK2mhAMJ/cPlnM3wXX3H8h7UZ6+5d2J/R+OOWy2PSQQhcucKQNJu:P2O/GlnM3wXXM7nJQ5WRPuCHTu
Malware Config
Targets
-
-
Target
cad97949b3cca805ba215c68f27ee45a5b7d3ac74211efef74009f0ca410f102
-
Size
910KB
-
MD5
780f4b05765826b553af7fd7c81e9cab
-
SHA1
49d415b6844438a0de735e53ec118ae64408466b
-
SHA256
cad97949b3cca805ba215c68f27ee45a5b7d3ac74211efef74009f0ca410f102
-
SHA512
8f54ea5bb70216cf2a60a3e54c624111cdac82ba1dee8a2cb3a8e8fedfd9a084b939079cbda12852b7c5a4d77a9bf7aae03241f0bbc6b4657d94e7a0fe8c7224
-
SSDEEP
12288:eK2mhAMJ/cPlnM3wXX3H8h7UZ6+5d2J/R+OOWy2PSQQhcucKQNJu:P2O/GlnM3wXXM7nJQ5WRPuCHTu
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-