General
-
Target
9b81e7cc080cafd5a57c3e02c856bef5eaa919c66fb0f81652c6357dc117937c
-
Size
124KB
-
Sample
221126-xw2yrabf9x
-
MD5
e107de665a2d9e669f4ba7ec9286f97a
-
SHA1
07e2f355c4824ab732f1802f4ef86e64660e5359
-
SHA256
9b81e7cc080cafd5a57c3e02c856bef5eaa919c66fb0f81652c6357dc117937c
-
SHA512
cfab432999d21e18f6597472284273a02145408c92f5e8a4a341f02eb72b3dee0aa9219702d9962676d84e3cac02f411debdee94c9eff92c675e8e465f67fa49
-
SSDEEP
3072:39pyookqQpYKaFSAyRzyKnoAJe3/3azLhep:39pQoupyRzyKoAJe3/3gL0
Malware Config
Targets
-
-
Target
9b81e7cc080cafd5a57c3e02c856bef5eaa919c66fb0f81652c6357dc117937c
-
Size
124KB
-
MD5
e107de665a2d9e669f4ba7ec9286f97a
-
SHA1
07e2f355c4824ab732f1802f4ef86e64660e5359
-
SHA256
9b81e7cc080cafd5a57c3e02c856bef5eaa919c66fb0f81652c6357dc117937c
-
SHA512
cfab432999d21e18f6597472284273a02145408c92f5e8a4a341f02eb72b3dee0aa9219702d9962676d84e3cac02f411debdee94c9eff92c675e8e465f67fa49
-
SSDEEP
3072:39pyookqQpYKaFSAyRzyKnoAJe3/3azLhep:39pQoupyRzyKoAJe3/3gL0
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-