General
-
Target
0ea7636fde41771f7c286e7f9bd2ded83c5f5f32d9990ada547051fa33e8748f
-
Size
235KB
-
Sample
221130-vxlxtaae26
-
MD5
d79664fd4738c91aa3e960ec88ced137
-
SHA1
2e0b5e5a6401d32249ba9c23dd9e3cf9c45d7aac
-
SHA256
0ea7636fde41771f7c286e7f9bd2ded83c5f5f32d9990ada547051fa33e8748f
-
SHA512
e6f527893679fbacf6ecf6f91d8a600238ebfb6c6dc3b0f148e0a6f862b8f1172702c3b0edbc16bbdd8e76a76042c1453f35c249901d461e0253b9eff1b1137e
-
SSDEEP
6144:ZbEt6wTeQmG3DJJvtu8ScAVZEFFWhDNDSPB6VKYGM:qLzN37vtTKcFMDNDSPB6V3G
Malware Config
Extracted
netwire
porshe.camdvr.org:1603
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
0ea7636fde41771f7c286e7f9bd2ded83c5f5f32d9990ada547051fa33e8748f
-
Size
235KB
-
MD5
d79664fd4738c91aa3e960ec88ced137
-
SHA1
2e0b5e5a6401d32249ba9c23dd9e3cf9c45d7aac
-
SHA256
0ea7636fde41771f7c286e7f9bd2ded83c5f5f32d9990ada547051fa33e8748f
-
SHA512
e6f527893679fbacf6ecf6f91d8a600238ebfb6c6dc3b0f148e0a6f862b8f1172702c3b0edbc16bbdd8e76a76042c1453f35c249901d461e0253b9eff1b1137e
-
SSDEEP
6144:ZbEt6wTeQmG3DJJvtu8ScAVZEFFWhDNDSPB6VKYGM:qLzN37vtTKcFMDNDSPB6V3G
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Suspicious use of SetThreadContext
-