General
-
Target
e9453c2bb2511fbb6e9e0d27beeddb5602f08cddd26022b36e756ecd3edfd0c8
-
Size
1.1MB
-
Sample
221128-kkrmesee91
-
MD5
580f1b384fe4aa7646a51775c2521a1b
-
SHA1
092dd20627d03b35064ddc8381be9c63dbdbac57
-
SHA256
e9453c2bb2511fbb6e9e0d27beeddb5602f08cddd26022b36e756ecd3edfd0c8
-
SHA512
3374b1d0fe89aff7fcc3c105f73eda716330f7024f0b616fa44171e6e70cd7dc168a6558cd8c57cac7a59835f2d2c7973608cf134a79168fe4890cb64a0042ef
-
SSDEEP
12288:ljy055i/LxmIx+Nmd+Qg+0Xi5qE2lTyG9tl:PwxmIx+Nmcxty4E20Gt
Malware Config
Targets
-
-
Target
e9453c2bb2511fbb6e9e0d27beeddb5602f08cddd26022b36e756ecd3edfd0c8
-
Size
1.1MB
-
MD5
580f1b384fe4aa7646a51775c2521a1b
-
SHA1
092dd20627d03b35064ddc8381be9c63dbdbac57
-
SHA256
e9453c2bb2511fbb6e9e0d27beeddb5602f08cddd26022b36e756ecd3edfd0c8
-
SHA512
3374b1d0fe89aff7fcc3c105f73eda716330f7024f0b616fa44171e6e70cd7dc168a6558cd8c57cac7a59835f2d2c7973608cf134a79168fe4890cb64a0042ef
-
SSDEEP
12288:ljy055i/LxmIx+Nmd+Qg+0Xi5qE2lTyG9tl:PwxmIx+Nmcxty4E20Gt
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-