General
-
Target
823af0190dc3ae5d1952000b7f47e920472e1451b3f38441656f0c3e8ce6cbb4
-
Size
322KB
-
Sample
221127-rzt5eseb87
-
MD5
8c6786529c56bfe3802712e393a13e4c
-
SHA1
e88851e8fb9b948911616d4fad67e3f4b7b970af
-
SHA256
823af0190dc3ae5d1952000b7f47e920472e1451b3f38441656f0c3e8ce6cbb4
-
SHA512
769a5434ebc6079dbd9d056e6b31d1bcc7338bb209e376b6b02d85476348e9fff8d098c5dbdea9eb11e26d09ed6b2f619198aa1c02c68732a0bf29be6e21f46d
-
SSDEEP
3072:is9Poak1p9oc77gB2Iz3p2j1abSHLTXaUjxTsqu7oDE7wuTJOu:3PoDj9/EBnUpPXFBZl4Jl
Malware Config
Targets
-
-
Target
823af0190dc3ae5d1952000b7f47e920472e1451b3f38441656f0c3e8ce6cbb4
-
Size
322KB
-
MD5
8c6786529c56bfe3802712e393a13e4c
-
SHA1
e88851e8fb9b948911616d4fad67e3f4b7b970af
-
SHA256
823af0190dc3ae5d1952000b7f47e920472e1451b3f38441656f0c3e8ce6cbb4
-
SHA512
769a5434ebc6079dbd9d056e6b31d1bcc7338bb209e376b6b02d85476348e9fff8d098c5dbdea9eb11e26d09ed6b2f619198aa1c02c68732a0bf29be6e21f46d
-
SSDEEP
3072:is9Poak1p9oc77gB2Iz3p2j1abSHLTXaUjxTsqu7oDE7wuTJOu:3PoDj9/EBnUpPXFBZl4Jl
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
UAC bypass
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-