General
-
Target
b89a9dbf26b3cceb1f82e7a14813accdfd1cf5c8ca26a34f5935366dddca327f
-
Size
226KB
-
Sample
221127-zelljsgb43
-
MD5
2209179fc46433de9f9ab46ee55c48a0
-
SHA1
5a5d6c7b70b4687a0630131f233706f839c5dbb3
-
SHA256
b89a9dbf26b3cceb1f82e7a14813accdfd1cf5c8ca26a34f5935366dddca327f
-
SHA512
eacc5794c6a3a47598a9bb082451c07c992e3f39e4c3cba03d4e72ae5046e21673f207645310684fa5d51f910eb3004ef10450a9ff829ce8bb22b682c8d774c0
-
SSDEEP
6144:K3O2/nxB9svk/4GqLwjNzIBnAdRhRxn9wFpa9R:Ke2/nx4M0LwjBmAf7xnSTa9
Malware Config
Targets
-
-
Target
b89a9dbf26b3cceb1f82e7a14813accdfd1cf5c8ca26a34f5935366dddca327f
-
Size
226KB
-
MD5
2209179fc46433de9f9ab46ee55c48a0
-
SHA1
5a5d6c7b70b4687a0630131f233706f839c5dbb3
-
SHA256
b89a9dbf26b3cceb1f82e7a14813accdfd1cf5c8ca26a34f5935366dddca327f
-
SHA512
eacc5794c6a3a47598a9bb082451c07c992e3f39e4c3cba03d4e72ae5046e21673f207645310684fa5d51f910eb3004ef10450a9ff829ce8bb22b682c8d774c0
-
SSDEEP
6144:K3O2/nxB9svk/4GqLwjNzIBnAdRhRxn9wFpa9R:Ke2/nx4M0LwjBmAf7xnSTa9
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
UAC bypass
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-