General
-
Target
f1796f21deed0f3b6b6d48632e95a67a3c677ebb4a5c170cfa39b7ce6c92c83c
-
Size
916KB
-
Sample
221128-ed42aagg21
-
MD5
7cf3347c350a02b5631ff0897746a7f6
-
SHA1
839d21fe675706bf1e0e4baa8ecc824c857a3a75
-
SHA256
f1796f21deed0f3b6b6d48632e95a67a3c677ebb4a5c170cfa39b7ce6c92c83c
-
SHA512
235b3162ceb0768b19f77ceaf8db0065d15943ff4ba138bb3991872528640f9a9e3a937b4060bba76a3f29bb2caa98f0f5c632c206add828a2c96702fffb6c42
-
SSDEEP
12288:mK2mhAMJ/cPlDXXFEh8h7UZYE82Y5UKUL4n4y3Xp3SbSlEeG7:H2O/GlDF77g6zwm4m53Sb2Ez
Malware Config
Targets
-
-
Target
f1796f21deed0f3b6b6d48632e95a67a3c677ebb4a5c170cfa39b7ce6c92c83c
-
Size
916KB
-
MD5
7cf3347c350a02b5631ff0897746a7f6
-
SHA1
839d21fe675706bf1e0e4baa8ecc824c857a3a75
-
SHA256
f1796f21deed0f3b6b6d48632e95a67a3c677ebb4a5c170cfa39b7ce6c92c83c
-
SHA512
235b3162ceb0768b19f77ceaf8db0065d15943ff4ba138bb3991872528640f9a9e3a937b4060bba76a3f29bb2caa98f0f5c632c206add828a2c96702fffb6c42
-
SSDEEP
12288:mK2mhAMJ/cPlDXXFEh8h7UZYE82Y5UKUL4n4y3Xp3SbSlEeG7:H2O/GlDF77g6zwm4m53Sb2Ez
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-