General
-
Target
b5073a634b26acaba749136f0d2cdc2eb592d6778419c6446eaa5c7b449d33d4
-
Size
742KB
-
Sample
221123-hnclkaeb49
-
MD5
7513a2bc0a206d10b25973a348e5acb8
-
SHA1
3ff6f9fac6461ab5bbb0f1ec99390df79db7848e
-
SHA256
b5073a634b26acaba749136f0d2cdc2eb592d6778419c6446eaa5c7b449d33d4
-
SHA512
5dd3ab7a45a90f52ce5dfa67867ebb902f82185f4423cff214d95ac22a17f8fcd302b3808203bc56ed762a078423bc7b6f889dc567b8cf05d2a9331947c04bed
-
SSDEEP
12288:6K2mhAMJ/cPlDXXKgMuSEaN2uiEqOHYRVPVT04rQWlHkAinpXdZ5FUN3Bk:L2O/Gl7XKu4UED4RVPVI8Qyqd7FOxk
Malware Config
Targets
-
-
Target
b5073a634b26acaba749136f0d2cdc2eb592d6778419c6446eaa5c7b449d33d4
-
Size
742KB
-
MD5
7513a2bc0a206d10b25973a348e5acb8
-
SHA1
3ff6f9fac6461ab5bbb0f1ec99390df79db7848e
-
SHA256
b5073a634b26acaba749136f0d2cdc2eb592d6778419c6446eaa5c7b449d33d4
-
SHA512
5dd3ab7a45a90f52ce5dfa67867ebb902f82185f4423cff214d95ac22a17f8fcd302b3808203bc56ed762a078423bc7b6f889dc567b8cf05d2a9331947c04bed
-
SSDEEP
12288:6K2mhAMJ/cPlDXXKgMuSEaN2uiEqOHYRVPVT04rQWlHkAinpXdZ5FUN3Bk:L2O/Gl7XKu4UED4RVPVI8Qyqd7FOxk
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-