General
-
Target
7d27252ef87acae8a2b583d920e52d8210ee69c4f9591ed20de1cfd55bf01650
-
Size
257KB
-
Sample
221130-rpprysgg45
-
MD5
d699e0316ff32d7b7d551ad6abface4c
-
SHA1
789f7e7ada8f769ac4709a74cf16c2a086f595e9
-
SHA256
7d27252ef87acae8a2b583d920e52d8210ee69c4f9591ed20de1cfd55bf01650
-
SHA512
e8d35c8acd950fcc3d81eb5a3b1047723d68b5de8906d825787ab87add3796abe700271fb666190732538e740b345c60a3a5fce8d0f79ac210abdcd536fc9fd1
-
SSDEEP
6144:5V6vBUSGrwSKVICKku8IF0j0KngiDyP5/x3:5VvSGrwSKqbF8IF08iuP/3
Malware Config
Extracted
netwire
extensions14718.sytes.net:3324
extensions14718sec.sytes.net:3324
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
YbcwLUQv
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
7d27252ef87acae8a2b583d920e52d8210ee69c4f9591ed20de1cfd55bf01650
-
Size
257KB
-
MD5
d699e0316ff32d7b7d551ad6abface4c
-
SHA1
789f7e7ada8f769ac4709a74cf16c2a086f595e9
-
SHA256
7d27252ef87acae8a2b583d920e52d8210ee69c4f9591ed20de1cfd55bf01650
-
SHA512
e8d35c8acd950fcc3d81eb5a3b1047723d68b5de8906d825787ab87add3796abe700271fb666190732538e740b345c60a3a5fce8d0f79ac210abdcd536fc9fd1
-
SSDEEP
6144:5V6vBUSGrwSKVICKku8IF0j0KngiDyP5/x3:5VvSGrwSKqbF8IF08iuP/3
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-