General
-
Target
2b9921ac79908737bfe2ccef8f3d5741b3e520d9141732ac2b4512944f1cd75a
-
Size
122KB
-
Sample
221128-qmgg5abd5x
-
MD5
9ff5d58cf0757ff0bf356c49680f0cc3
-
SHA1
9ca1083de077af72213b9bdaa92a0da435ccbf56
-
SHA256
2b9921ac79908737bfe2ccef8f3d5741b3e520d9141732ac2b4512944f1cd75a
-
SHA512
db17686a2821011af6bfe4f0e371a5d234ba5467d987530fb38d0c69b5616c2026e9f6304e5e62f3297ff78cc2971011db87daf9a735f81f1a3d12a13e250214
-
SSDEEP
3072:gM1BjoYNXoKDIJBXJPtWrSxKubAAU5xqvfjmnKmpmc/6tXJRiT:gMMYNXqBBsuxKubAAUE7OKmB/GXJRiT
Malware Config
Targets
-
-
Target
2b9921ac79908737bfe2ccef8f3d5741b3e520d9141732ac2b4512944f1cd75a
-
Size
122KB
-
MD5
9ff5d58cf0757ff0bf356c49680f0cc3
-
SHA1
9ca1083de077af72213b9bdaa92a0da435ccbf56
-
SHA256
2b9921ac79908737bfe2ccef8f3d5741b3e520d9141732ac2b4512944f1cd75a
-
SHA512
db17686a2821011af6bfe4f0e371a5d234ba5467d987530fb38d0c69b5616c2026e9f6304e5e62f3297ff78cc2971011db87daf9a735f81f1a3d12a13e250214
-
SSDEEP
3072:gM1BjoYNXoKDIJBXJPtWrSxKubAAU5xqvfjmnKmpmc/6tXJRiT:gMMYNXqBBsuxKubAAUE7OKmB/GXJRiT
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-