General
-
Target
56f0c42016573de7c5b5b5b7b3d89eada4c87126af40c3ea00be930a7546c55e
-
Size
184KB
-
Sample
221120-mhbjjahd82
-
MD5
46a9e2cfc81304ae2e4a1b573c819670
-
SHA1
fee3833c609746402586b1120d62798fc783c835
-
SHA256
56f0c42016573de7c5b5b5b7b3d89eada4c87126af40c3ea00be930a7546c55e
-
SHA512
49d894c635fbb8c1f902ad16c4331ed08e680c87289510892a8c2ddbbf6a786a97b64b3f160993778ab6dd7f88cad59debfb16b699998eab0dc14e4fe457a9b8
-
SSDEEP
3072:tMcjLsjH3WkwK7ITSA/19ELhvsKZGBewqxvcAFLAxfKucAFLA:tMuYjXH4pbEdvsKEBgA
Malware Config
Targets
-
-
Target
56f0c42016573de7c5b5b5b7b3d89eada4c87126af40c3ea00be930a7546c55e
-
Size
184KB
-
MD5
46a9e2cfc81304ae2e4a1b573c819670
-
SHA1
fee3833c609746402586b1120d62798fc783c835
-
SHA256
56f0c42016573de7c5b5b5b7b3d89eada4c87126af40c3ea00be930a7546c55e
-
SHA512
49d894c635fbb8c1f902ad16c4331ed08e680c87289510892a8c2ddbbf6a786a97b64b3f160993778ab6dd7f88cad59debfb16b699998eab0dc14e4fe457a9b8
-
SSDEEP
3072:tMcjLsjH3WkwK7ITSA/19ELhvsKZGBewqxvcAFLAxfKucAFLA:tMuYjXH4pbEdvsKEBgA
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-