General
-
Target
04670a7a3b1e740d9019aa3ca77e4cd37bb08ad3fc25abd150c8d0b70784b783
-
Size
725KB
-
Sample
221128-w1jgjabc8z
-
MD5
9b221a5e407da5e59976cdd73e204425
-
SHA1
6e5c84a4e49d296b7d3ec4a377653895eb2f82b5
-
SHA256
04670a7a3b1e740d9019aa3ca77e4cd37bb08ad3fc25abd150c8d0b70784b783
-
SHA512
6670e5084e608e015d9c32372b20a5bf02e705bce2af8d434a383e7bf700940ff136a8070d6c2cd8d3fc0c4732e0fc101781943701953a24d7dfc705a6a8a9a3
-
SSDEEP
12288:mK2mhAMJ/cPl5LMA2jpy98h7UZYE82Y5UKUL4n4y3Xp3SbSlI:H2O/Gl5PM17g6zwm4m53Sb2I
Malware Config
Targets
-
-
Target
04670a7a3b1e740d9019aa3ca77e4cd37bb08ad3fc25abd150c8d0b70784b783
-
Size
725KB
-
MD5
9b221a5e407da5e59976cdd73e204425
-
SHA1
6e5c84a4e49d296b7d3ec4a377653895eb2f82b5
-
SHA256
04670a7a3b1e740d9019aa3ca77e4cd37bb08ad3fc25abd150c8d0b70784b783
-
SHA512
6670e5084e608e015d9c32372b20a5bf02e705bce2af8d434a383e7bf700940ff136a8070d6c2cd8d3fc0c4732e0fc101781943701953a24d7dfc705a6a8a9a3
-
SSDEEP
12288:mK2mhAMJ/cPl5LMA2jpy98h7UZYE82Y5UKUL4n4y3Xp3SbSlI:H2O/Gl5PM17g6zwm4m53Sb2I
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-