General
-
Target
2f57c982f5871a0db3f7f1717a227f572c67ffca15fc19f566384dc2cf14f3b6
-
Size
418KB
-
Sample
221126-ry63laba73
-
MD5
5dc4594f7f3817f7abad1000fd2a5c2c
-
SHA1
3d0d35719a9c07b0ea17864aabf00103e0ebf494
-
SHA256
2f57c982f5871a0db3f7f1717a227f572c67ffca15fc19f566384dc2cf14f3b6
-
SHA512
c463cb64badab6acd98985ee3d3700bb1e5ece4644c28c1e9f733a282a742c1f98a4bf3890f1043c6fdf645e01a66167a5a73b2971da4a3d5330e415e68e8b9a
-
SSDEEP
6144:Bk3NSEbb57b4++Pf8bXamFOuGg+Px/r3eUIeLXesG:+5H5g++f2dF1+FdIeLes
Malware Config
Targets
-
-
Target
2f57c982f5871a0db3f7f1717a227f572c67ffca15fc19f566384dc2cf14f3b6
-
Size
418KB
-
MD5
5dc4594f7f3817f7abad1000fd2a5c2c
-
SHA1
3d0d35719a9c07b0ea17864aabf00103e0ebf494
-
SHA256
2f57c982f5871a0db3f7f1717a227f572c67ffca15fc19f566384dc2cf14f3b6
-
SHA512
c463cb64badab6acd98985ee3d3700bb1e5ece4644c28c1e9f733a282a742c1f98a4bf3890f1043c6fdf645e01a66167a5a73b2971da4a3d5330e415e68e8b9a
-
SSDEEP
6144:Bk3NSEbb57b4++Pf8bXamFOuGg+Px/r3eUIeLXesG:+5H5g++f2dF1+FdIeLes
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-