General
-
Target
bbd8bfb4294a7764093ab934ecabe1f7147cfc539238c6426779786b6acd0651
-
Size
447KB
-
Sample
221128-qfed7aah6z
-
MD5
754411f368178a09f54d05158e7e17a3
-
SHA1
b781c408c69827af768eeca418f564e14eaf5eaf
-
SHA256
bbd8bfb4294a7764093ab934ecabe1f7147cfc539238c6426779786b6acd0651
-
SHA512
5d2083dbfc24efa11608ba443a8f2468685a11bda1502fed1c2774e737d64813f26723d8c8d16904cfe616746ad167b34c5c50936faf516934b6bcab113f8c7a
-
SSDEEP
6144:Wjjf/HVuwmguK4Fsz+XqfwXmP/R8evOYVw:WX1uJeu6fYg8evOYVw
Malware Config
Targets
-
-
Target
bbd8bfb4294a7764093ab934ecabe1f7147cfc539238c6426779786b6acd0651
-
Size
447KB
-
MD5
754411f368178a09f54d05158e7e17a3
-
SHA1
b781c408c69827af768eeca418f564e14eaf5eaf
-
SHA256
bbd8bfb4294a7764093ab934ecabe1f7147cfc539238c6426779786b6acd0651
-
SHA512
5d2083dbfc24efa11608ba443a8f2468685a11bda1502fed1c2774e737d64813f26723d8c8d16904cfe616746ad167b34c5c50936faf516934b6bcab113f8c7a
-
SSDEEP
6144:Wjjf/HVuwmguK4Fsz+XqfwXmP/R8evOYVw:WX1uJeu6fYg8evOYVw
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-