General
-
Target
bf39a4bd2d0f9f19974801ceac94325b64afd694cff4f07bf5ff9bbbfdc1cb38
-
Size
193KB
-
Sample
221126-b689xsch77
-
MD5
34f28fbf58ffb28c5249f4fb2566561d
-
SHA1
5dbd4c6e22f30c461068d90f355ff47ab09603f1
-
SHA256
bf39a4bd2d0f9f19974801ceac94325b64afd694cff4f07bf5ff9bbbfdc1cb38
-
SHA512
a3ea3826bb84de9b25e52128e998fe1af2516ff6f10bc3a2c6614a4c976cc0c8148cf26a241b47e30543b3c3f72c29ff952c8585e208263fb3e85818a939652d
-
SSDEEP
3072:+rBPCfoUiq7m+FvbPe7Lq24UQJAze/02oTxAWyt5eS2e4UdSp0cfQ2UplArUgF:CbUXze7dVKKxA5toqM0cFUplAf
Malware Config
Targets
-
-
Target
bf39a4bd2d0f9f19974801ceac94325b64afd694cff4f07bf5ff9bbbfdc1cb38
-
Size
193KB
-
MD5
34f28fbf58ffb28c5249f4fb2566561d
-
SHA1
5dbd4c6e22f30c461068d90f355ff47ab09603f1
-
SHA256
bf39a4bd2d0f9f19974801ceac94325b64afd694cff4f07bf5ff9bbbfdc1cb38
-
SHA512
a3ea3826bb84de9b25e52128e998fe1af2516ff6f10bc3a2c6614a4c976cc0c8148cf26a241b47e30543b3c3f72c29ff952c8585e208263fb3e85818a939652d
-
SSDEEP
3072:+rBPCfoUiq7m+FvbPe7Lq24UQJAze/02oTxAWyt5eS2e4UdSp0cfQ2UplArUgF:CbUXze7dVKKxA5toqM0cFUplAf
Score10/10-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops file in Drivers directory
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-