General
-
Target
4f0ea430a04f11a0105041319a913b4a3340fd408a0d74d0302aef6fc3da5dd5
-
Size
696KB
-
Sample
221126-qlyd9afc76
-
MD5
5ed199fb484c4c10697ec8f9797efaac
-
SHA1
8a73a40733c8d10b3da09792689370780aa0e8cf
-
SHA256
4f0ea430a04f11a0105041319a913b4a3340fd408a0d74d0302aef6fc3da5dd5
-
SHA512
8df578226ab82c3431c1f555be15611d59d9f5d58a44fc4160cac20934fe5916f672ccc0e6ade12ff06d1293e64324a91d7bbcd1bc4e1e02ed93c544c07c7fe6
-
SSDEEP
12288:eK2mhAMJ/cPl8+afXgt8h7UZYE82Y5UKUL4n4y3Xp3SbSlUp:P2O/Gl8+avh7g6zwm4m53Sb2M
Malware Config
Targets
-
-
Target
4f0ea430a04f11a0105041319a913b4a3340fd408a0d74d0302aef6fc3da5dd5
-
Size
696KB
-
MD5
5ed199fb484c4c10697ec8f9797efaac
-
SHA1
8a73a40733c8d10b3da09792689370780aa0e8cf
-
SHA256
4f0ea430a04f11a0105041319a913b4a3340fd408a0d74d0302aef6fc3da5dd5
-
SHA512
8df578226ab82c3431c1f555be15611d59d9f5d58a44fc4160cac20934fe5916f672ccc0e6ade12ff06d1293e64324a91d7bbcd1bc4e1e02ed93c544c07c7fe6
-
SSDEEP
12288:eK2mhAMJ/cPl8+afXgt8h7UZYE82Y5UKUL4n4y3Xp3SbSlUp:P2O/Gl8+avh7g6zwm4m53Sb2M
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-