General
-
Target
14a01c2daa9a77a0b404ed9094a9a6f72fbd5b2edbc4951830a53e9dcd270722
-
Size
202KB
-
Sample
221127-q7s2nacc34
-
MD5
f9386f6557a8ea237b7c16620c87cdf5
-
SHA1
2c6101e9af0fa4446ecf7981471058dc3fd2f3ff
-
SHA256
14a01c2daa9a77a0b404ed9094a9a6f72fbd5b2edbc4951830a53e9dcd270722
-
SHA512
e33a1bdb5cecbda7f69f88506dbe88156f983dcf792ca00bc6650566dfb4c0187bdc87527b8ec4503d4be306231048bfd0e1659b5fb0549ed9d3bf6a597e075d
-
SSDEEP
6144:dAsBZRqmj6uyk+pnBWYjXJ+ebC5909H9dDqRUb5os6QT1:HGuvSnfJ+ebCz0Nbf6QT1
Malware Config
Targets
-
-
Target
14a01c2daa9a77a0b404ed9094a9a6f72fbd5b2edbc4951830a53e9dcd270722
-
Size
202KB
-
MD5
f9386f6557a8ea237b7c16620c87cdf5
-
SHA1
2c6101e9af0fa4446ecf7981471058dc3fd2f3ff
-
SHA256
14a01c2daa9a77a0b404ed9094a9a6f72fbd5b2edbc4951830a53e9dcd270722
-
SHA512
e33a1bdb5cecbda7f69f88506dbe88156f983dcf792ca00bc6650566dfb4c0187bdc87527b8ec4503d4be306231048bfd0e1659b5fb0549ed9d3bf6a597e075d
-
SSDEEP
6144:dAsBZRqmj6uyk+pnBWYjXJ+ebC5909H9dDqRUb5os6QT1:HGuvSnfJ+ebCz0Nbf6QT1
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-