General
-
Target
tmp
-
Size
7KB
-
Sample
221117-twa89aah6y
-
MD5
27a275b9237315ba8278c5a5c21535a5
-
SHA1
a029e26da504b3f2d8775f7b0592cca298aa89b2
-
SHA256
7f26ea3cb1e19751ee9ca317c3b13d44f3877ede7e162e16172c2eced25f21d7
-
SHA512
8c29a96c5ae1b4690d1f4f5ac348f65144e32235865e69c84c448ec78c837951ecedc2d2dc6adc0b1c5d7b5bbb5d7cd7b6b21134120ce775e11b7df9bc74d56b
-
SSDEEP
192:p9OSsMuPtyvkusLBkGYM9xyXAVxVwy75HjXEjdtG:p9OSszP48usLiVM9Qej5bodt
Malware Config
Extracted
netwire
212.193.30.230:3363
212.193.30.230:3362
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Cantbeme@1
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
tmp
-
Size
7KB
-
MD5
27a275b9237315ba8278c5a5c21535a5
-
SHA1
a029e26da504b3f2d8775f7b0592cca298aa89b2
-
SHA256
7f26ea3cb1e19751ee9ca317c3b13d44f3877ede7e162e16172c2eced25f21d7
-
SHA512
8c29a96c5ae1b4690d1f4f5ac348f65144e32235865e69c84c448ec78c837951ecedc2d2dc6adc0b1c5d7b5bbb5d7cd7b6b21134120ce775e11b7df9bc74d56b
-
SSDEEP
192:p9OSsMuPtyvkusLBkGYM9xyXAVxVwy75HjXEjdtG:p9OSszP48usLiVM9Qej5bodt
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-