General
-
Target
c22a2d9b91c85258725cd4ca05f3813225ec1f913b36492c7166eff2a2f5b797
-
Size
744KB
-
Sample
221126-tfjwfsfb85
-
MD5
42805b23088f55e6b035a887ce6b5d8b
-
SHA1
e83536d691936a9267c50d01cadee89fb4c87f92
-
SHA256
c22a2d9b91c85258725cd4ca05f3813225ec1f913b36492c7166eff2a2f5b797
-
SHA512
1764dcf1bcb1035e9332b2273260ce6acc142a0a09e2fb9dc8a29b3bbae093e0da908ce16457ebea2d9b59cb7cf8b4cfc334ab0fb9b24b47d56a63ba34cf96b5
-
SSDEEP
12288:BM4UmX4eZb9p2lrqzuTbpqMrExB/o+++9ei2UQVKjTRgQnhzeFozePyKfH1awW:BsmIeDbzuEMrExxHthnkOMH1aJ
Malware Config
Targets
-
-
Target
c22a2d9b91c85258725cd4ca05f3813225ec1f913b36492c7166eff2a2f5b797
-
Size
744KB
-
MD5
42805b23088f55e6b035a887ce6b5d8b
-
SHA1
e83536d691936a9267c50d01cadee89fb4c87f92
-
SHA256
c22a2d9b91c85258725cd4ca05f3813225ec1f913b36492c7166eff2a2f5b797
-
SHA512
1764dcf1bcb1035e9332b2273260ce6acc142a0a09e2fb9dc8a29b3bbae093e0da908ce16457ebea2d9b59cb7cf8b4cfc334ab0fb9b24b47d56a63ba34cf96b5
-
SSDEEP
12288:BM4UmX4eZb9p2lrqzuTbpqMrExB/o+++9ei2UQVKjTRgQnhzeFozePyKfH1awW:BsmIeDbzuEMrExxHthnkOMH1aJ
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-