General
-
Target
fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6
-
Size
274KB
-
Sample
221122-v7eaqafa5z
-
MD5
954a40569d9840fd4d492d19cc3fa5a6
-
SHA1
a3c6622bfbeef7023d5bbede041451e305124d02
-
SHA256
fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6
-
SHA512
e9a7b97647d10178a60a88c6310d49db2c10edab7ded53c63a8fe2f80d3af9be25b3525f58f2b808c84d73e8bbc8b3003953201456c107880be3bba695907d3c
-
SSDEEP
6144:bwwik3MHZNEDy756uTayLhvIZp9QTwtlSBtNCD3WQlGb1Y724shg+agT:bbikc5jTCSdj3cgT
Malware Config
Targets
-
-
Target
fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6
-
Size
274KB
-
MD5
954a40569d9840fd4d492d19cc3fa5a6
-
SHA1
a3c6622bfbeef7023d5bbede041451e305124d02
-
SHA256
fd1ddff4e361bc59e19399cae6bd9f9f81381a3480774d283ebfa01a3a9cc2f6
-
SHA512
e9a7b97647d10178a60a88c6310d49db2c10edab7ded53c63a8fe2f80d3af9be25b3525f58f2b808c84d73e8bbc8b3003953201456c107880be3bba695907d3c
-
SSDEEP
6144:bwwik3MHZNEDy756uTayLhvIZp9QTwtlSBtNCD3WQlGb1Y724shg+agT:bbikc5jTCSdj3cgT
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-