General
-
Target
e5ac9628252f520471a5ae127f223b55b83f5604cb0c0d3bba3f5fa4e9709e10
-
Size
101KB
-
Sample
221126-kftk8aeh48
-
MD5
f9f38a7416ac851a786fb5df71304051
-
SHA1
61920a26e9fce072c8a18bb639e75d0086ab10d5
-
SHA256
e5ac9628252f520471a5ae127f223b55b83f5604cb0c0d3bba3f5fa4e9709e10
-
SHA512
d4d535c25d3c86d5fb41f503cf0aa73a4b4a8bfa0ca3dce967fdda5a2bc988b70621470d6fa41217740318be4de94908089158e7385a75208faab12f6b97a832
-
SSDEEP
3072:VwJ52Y7ZoH5XJaj+WMiIxspYnKN1bI5XLrx8:VwHysJMde8KN1Qrx8
Malware Config
Targets
-
-
Target
e5ac9628252f520471a5ae127f223b55b83f5604cb0c0d3bba3f5fa4e9709e10
-
Size
101KB
-
MD5
f9f38a7416ac851a786fb5df71304051
-
SHA1
61920a26e9fce072c8a18bb639e75d0086ab10d5
-
SHA256
e5ac9628252f520471a5ae127f223b55b83f5604cb0c0d3bba3f5fa4e9709e10
-
SHA512
d4d535c25d3c86d5fb41f503cf0aa73a4b4a8bfa0ca3dce967fdda5a2bc988b70621470d6fa41217740318be4de94908089158e7385a75208faab12f6b97a832
-
SSDEEP
3072:VwJ52Y7ZoH5XJaj+WMiIxspYnKN1bI5XLrx8:VwHysJMde8KN1Qrx8
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-