General
-
Target
a923395b78f63b0331250ad82ffd19de333b91906a4de78d11752e3fc32d99fb
-
Size
377KB
-
Sample
221128-xwes8adh71
-
MD5
c24b5eb6a9f0ba38c55cf416a185ab4d
-
SHA1
c96031fe6c3da65f3780ba63a3509b7e9b346829
-
SHA256
a923395b78f63b0331250ad82ffd19de333b91906a4de78d11752e3fc32d99fb
-
SHA512
afa2957b4dca0ff46a51ba9395b4193fdb09470eec8464cf0b79c31662ead87870bbfbaa0b6b86bff4463199502748a748bc61be961b46bf203749de32dac846
-
SSDEEP
6144:278AR98NXE85WQ7Cv7CCbMLH69/JmBCsFVcRifr1:278Y8vWQ7WoLHGhIF
Malware Config
Targets
-
-
Target
a923395b78f63b0331250ad82ffd19de333b91906a4de78d11752e3fc32d99fb
-
Size
377KB
-
MD5
c24b5eb6a9f0ba38c55cf416a185ab4d
-
SHA1
c96031fe6c3da65f3780ba63a3509b7e9b346829
-
SHA256
a923395b78f63b0331250ad82ffd19de333b91906a4de78d11752e3fc32d99fb
-
SHA512
afa2957b4dca0ff46a51ba9395b4193fdb09470eec8464cf0b79c31662ead87870bbfbaa0b6b86bff4463199502748a748bc61be961b46bf203749de32dac846
-
SSDEEP
6144:278AR98NXE85WQ7Cv7CCbMLH69/JmBCsFVcRifr1:278Y8vWQ7WoLHGhIF
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-