General
-
Target
8430ca8466fb8afdd45aae01a8029e27c1fbe927d5fc37fc545abc15c43c2d75
-
Size
120KB
-
Sample
221126-h6t9bsef9w
-
MD5
2b52810ac491141dda2eca21032c97cf
-
SHA1
09da733874c3d5cc03f0ca8fdfb21206f7562f05
-
SHA256
8430ca8466fb8afdd45aae01a8029e27c1fbe927d5fc37fc545abc15c43c2d75
-
SHA512
8bd6ac1f6afc94d56b211edac778ee419ef0f3e7e3ff92944e687b895a829f0c492b2d58db9b083bf6c679d71d6e216b0d6d03dbc5c00f177a44afb96a286bb6
-
SSDEEP
3072:3Asj8MBX8s0oXJU9WWfmkZOfluHJj/UDbTRWW0mjoruNtwdPws:3AsBZy9Nf7ZOUpL0bTRL/+uNtXs
Malware Config
Targets
-
-
Target
8430ca8466fb8afdd45aae01a8029e27c1fbe927d5fc37fc545abc15c43c2d75
-
Size
120KB
-
MD5
2b52810ac491141dda2eca21032c97cf
-
SHA1
09da733874c3d5cc03f0ca8fdfb21206f7562f05
-
SHA256
8430ca8466fb8afdd45aae01a8029e27c1fbe927d5fc37fc545abc15c43c2d75
-
SHA512
8bd6ac1f6afc94d56b211edac778ee419ef0f3e7e3ff92944e687b895a829f0c492b2d58db9b083bf6c679d71d6e216b0d6d03dbc5c00f177a44afb96a286bb6
-
SSDEEP
3072:3Asj8MBX8s0oXJU9WWfmkZOfluHJj/UDbTRWW0mjoruNtwdPws:3AsBZy9Nf7ZOUpL0bTRL/+uNtXs
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-