General
-
Target
c48d870f3f87f895b1b2d2a43cde42470658d7378d807ad9f14dad8b139fcf04
-
Size
197KB
-
Sample
221127-ashpdaba9y
-
MD5
e8ffe8ff7383be1c94a25a8e9725ac3c
-
SHA1
d0a4e29ca7c6b3e43f0ceeb1582e7773246cc099
-
SHA256
c48d870f3f87f895b1b2d2a43cde42470658d7378d807ad9f14dad8b139fcf04
-
SHA512
dd36af316c50b2dbd33b3ada0a95f19cf0abcf571177238d50305ed78d96997f6c2ab28c7c934aa5fed9be4d91ebea819cc9ec69636d0359b6598221ff6ebaf8
-
SSDEEP
3072:Gzpu3mokGsnFQMyME1dBernChrgkMZTI5S8seEkA3XHu6SiNeQDEPSQNoY4i:bWokGcChrgkWH8sLHu/Qz
Malware Config
Targets
-
-
Target
c48d870f3f87f895b1b2d2a43cde42470658d7378d807ad9f14dad8b139fcf04
-
Size
197KB
-
MD5
e8ffe8ff7383be1c94a25a8e9725ac3c
-
SHA1
d0a4e29ca7c6b3e43f0ceeb1582e7773246cc099
-
SHA256
c48d870f3f87f895b1b2d2a43cde42470658d7378d807ad9f14dad8b139fcf04
-
SHA512
dd36af316c50b2dbd33b3ada0a95f19cf0abcf571177238d50305ed78d96997f6c2ab28c7c934aa5fed9be4d91ebea819cc9ec69636d0359b6598221ff6ebaf8
-
SSDEEP
3072:Gzpu3mokGsnFQMyME1dBernChrgkMZTI5S8seEkA3XHu6SiNeQDEPSQNoY4i:bWokGcChrgkWH8sLHu/Qz
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-