General
-
Target
7157951cf71be2b4f577e64e546688ea346630f7c1988d3e5afbf027549ffb0d
-
Size
468KB
-
Sample
221127-qnwy7see3y
-
MD5
5375f2896c8fc817fc15ec3d3a1f657d
-
SHA1
d594ab6cbde3a78bd07e1e0a7fc7c92080e9005b
-
SHA256
7157951cf71be2b4f577e64e546688ea346630f7c1988d3e5afbf027549ffb0d
-
SHA512
fc4eeabf3e8faf6bd5d5cea7d9e49a9bb9db7253ae1a57afccddd320d181c26878c50dbe41c87105e92d0c730fe7286e0535b269beec4cd8ce1ae43e1759a118
-
SSDEEP
6144:piOpPXoFc+Em+OUZhSa1+l11KE8gHMl4Ot4geMFY8mwNdLqFVmVPthY+p:cO1WcHm+gacP8Jft4g//QAVPth
Malware Config
Targets
-
-
Target
7157951cf71be2b4f577e64e546688ea346630f7c1988d3e5afbf027549ffb0d
-
Size
468KB
-
MD5
5375f2896c8fc817fc15ec3d3a1f657d
-
SHA1
d594ab6cbde3a78bd07e1e0a7fc7c92080e9005b
-
SHA256
7157951cf71be2b4f577e64e546688ea346630f7c1988d3e5afbf027549ffb0d
-
SHA512
fc4eeabf3e8faf6bd5d5cea7d9e49a9bb9db7253ae1a57afccddd320d181c26878c50dbe41c87105e92d0c730fe7286e0535b269beec4cd8ce1ae43e1759a118
-
SSDEEP
6144:piOpPXoFc+Em+OUZhSa1+l11KE8gHMl4Ot4geMFY8mwNdLqFVmVPthY+p:cO1WcHm+gacP8Jft4g//QAVPth
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-