General
-
Target
39cc393ce3849f9e446124eda0c4a8e85a18a691d178deda0a62a06264ed36d7
-
Size
648KB
-
Sample
221107-s8pfzagffj
-
MD5
d6c1a5836df0a1284057bbc9ca36c81b
-
SHA1
0579b7547ab1cb410a85004c9630c9909de5e22b
-
SHA256
39cc393ce3849f9e446124eda0c4a8e85a18a691d178deda0a62a06264ed36d7
-
SHA512
c70f7c13446b1ff00e02586d5778a3e4c1bd834e0d2e8aed6917d95132bd1272beae1370c81c32ba624b3ad3db8b0e6314a41ddfb0a0b589e9cf3ea173a75f2d
-
SSDEEP
12288:4LHNif1w20d2fcGpXAJmzznHpFnDb2FTmB98CMaL3KFFNwXYTTTXg0:06w2G2vBqmzQTrzNwqk0
Malware Config
Targets
-
-
Target
39cc393ce3849f9e446124eda0c4a8e85a18a691d178deda0a62a06264ed36d7
-
Size
648KB
-
MD5
d6c1a5836df0a1284057bbc9ca36c81b
-
SHA1
0579b7547ab1cb410a85004c9630c9909de5e22b
-
SHA256
39cc393ce3849f9e446124eda0c4a8e85a18a691d178deda0a62a06264ed36d7
-
SHA512
c70f7c13446b1ff00e02586d5778a3e4c1bd834e0d2e8aed6917d95132bd1272beae1370c81c32ba624b3ad3db8b0e6314a41ddfb0a0b589e9cf3ea173a75f2d
-
SSDEEP
12288:4LHNif1w20d2fcGpXAJmzznHpFnDb2FTmB98CMaL3KFFNwXYTTTXg0:06w2G2vBqmzQTrzNwqk0
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-