General
-
Target
68aa0631eab215747c8e65ae0428ad2de586abe0ece18d271786c7e7ef45137b
-
Size
136KB
-
Sample
221128-btff3sde82
-
MD5
21b289e88c52899e189bd93995cd4f45
-
SHA1
4b73d5200538d31d5a8aebab6ca2387df4489d96
-
SHA256
68aa0631eab215747c8e65ae0428ad2de586abe0ece18d271786c7e7ef45137b
-
SHA512
013b6644a35bf5611dec48886c177552170b1ac02ae88a5218ce76a6082d664b5c27de61843576679af3f5ba4d95fcc3ca67e65790052bcee52d71eef439f703
-
SSDEEP
3072:RM+9i7SFCIXJZHWYekfrwKQjSs2cRgIuabx0AW9CVcpdPdMJ:RMTCP2YhfrwKQjSYgIuEeAKnLs
Malware Config
Targets
-
-
Target
68aa0631eab215747c8e65ae0428ad2de586abe0ece18d271786c7e7ef45137b
-
Size
136KB
-
MD5
21b289e88c52899e189bd93995cd4f45
-
SHA1
4b73d5200538d31d5a8aebab6ca2387df4489d96
-
SHA256
68aa0631eab215747c8e65ae0428ad2de586abe0ece18d271786c7e7ef45137b
-
SHA512
013b6644a35bf5611dec48886c177552170b1ac02ae88a5218ce76a6082d664b5c27de61843576679af3f5ba4d95fcc3ca67e65790052bcee52d71eef439f703
-
SSDEEP
3072:RM+9i7SFCIXJZHWYekfrwKQjSs2cRgIuabx0AW9CVcpdPdMJ:RMTCP2YhfrwKQjSYgIuEeAKnLs
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-