General
-
Target
2c91e88253570593b46dd8d862706642233c7e31589dab3393b054e2b4cb843a
-
Size
560KB
-
Sample
221126-yf4yvadc7v
-
MD5
b5022c76a13e7bd7a3f7e55ccfa78ab1
-
SHA1
a6a457491a113c7e6dd7c0cb349460865ed42579
-
SHA256
2c91e88253570593b46dd8d862706642233c7e31589dab3393b054e2b4cb843a
-
SHA512
ff6ffce3a30f212e763241335e5cc6be750b5dfe2dcb79b59eed1b7784317fa205a0865e6bfeeeaa581b923fe3789bc6c6c13dca1cfd8427bbae4e60e4f5da6a
-
SSDEEP
3072:JosI0ImEPNAqNC0B/oCnnOT5h5r96lHGOVn:JosQTtM75rS
Malware Config
Targets
-
-
Target
2c91e88253570593b46dd8d862706642233c7e31589dab3393b054e2b4cb843a
-
Size
560KB
-
MD5
b5022c76a13e7bd7a3f7e55ccfa78ab1
-
SHA1
a6a457491a113c7e6dd7c0cb349460865ed42579
-
SHA256
2c91e88253570593b46dd8d862706642233c7e31589dab3393b054e2b4cb843a
-
SHA512
ff6ffce3a30f212e763241335e5cc6be750b5dfe2dcb79b59eed1b7784317fa205a0865e6bfeeeaa581b923fe3789bc6c6c13dca1cfd8427bbae4e60e4f5da6a
-
SSDEEP
3072:JosI0ImEPNAqNC0B/oCnnOT5h5r96lHGOVn:JosQTtM75rS
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-