General
-
Target
df1f93819545a92ed7acb5a67b3257dcdc4b3904e536fa856d27e7b29cc83053
-
Size
467KB
-
Sample
221125-ylt1tsbd39
-
MD5
03943957531a9b7ed0eca96e4337b4a2
-
SHA1
39a4ee1d0f0fed3a81555b52fec030e913cb8563
-
SHA256
df1f93819545a92ed7acb5a67b3257dcdc4b3904e536fa856d27e7b29cc83053
-
SHA512
cdf9beaf36313259cb56955bed0d23867e028ef064c00f2c09cfecd56126c8df520be9f4bd019ca61ac3ec03dbf73a9d802a6328ae4187804a16542c0ff451b2
-
SSDEEP
6144:x32IXVi7TJZeXDUjwE1bYXP/XkwJXa8AkTqTVfQlHKJTJoleclZdmMO2:x3jg8YjwEFQ/XbXLr0NQBElmB
Malware Config
Targets
-
-
Target
df1f93819545a92ed7acb5a67b3257dcdc4b3904e536fa856d27e7b29cc83053
-
Size
467KB
-
MD5
03943957531a9b7ed0eca96e4337b4a2
-
SHA1
39a4ee1d0f0fed3a81555b52fec030e913cb8563
-
SHA256
df1f93819545a92ed7acb5a67b3257dcdc4b3904e536fa856d27e7b29cc83053
-
SHA512
cdf9beaf36313259cb56955bed0d23867e028ef064c00f2c09cfecd56126c8df520be9f4bd019ca61ac3ec03dbf73a9d802a6328ae4187804a16542c0ff451b2
-
SSDEEP
6144:x32IXVi7TJZeXDUjwE1bYXP/XkwJXa8AkTqTVfQlHKJTJoleclZdmMO2:x3jg8YjwEFQ/XbXLr0NQBElmB
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-