General
-
Target
cac8fe9363cd9e2a31aeb383fe2df3800a4ca35edbe9c697093a13f1067f0292
-
Size
120KB
-
Sample
221206-sgj26scb8z
-
MD5
0a3769db6a54f333863175a07dd9087f
-
SHA1
f7ec8045756e4ba3af748fef35590aa41766454c
-
SHA256
cac8fe9363cd9e2a31aeb383fe2df3800a4ca35edbe9c697093a13f1067f0292
-
SHA512
9315eb828d82ddecf54e2675ee495d481dcfe88e515dd41ccd8da1a0914b7cfad529027503700b05787fdb230fd5e646e82f3d43342723bd08cb5241de3ec572
-
SSDEEP
1536:m5Tzro/5XkgEUs6MB0nUQP9TswNnZ7UgIoDlklyEYwuoVMG5W7QZg7II/CwDPTxU:AO5Xk7Us6NnVACZpNklyBG5iWItD92v
Malware Config
Targets
-
-
Target
cac8fe9363cd9e2a31aeb383fe2df3800a4ca35edbe9c697093a13f1067f0292
-
Size
120KB
-
MD5
0a3769db6a54f333863175a07dd9087f
-
SHA1
f7ec8045756e4ba3af748fef35590aa41766454c
-
SHA256
cac8fe9363cd9e2a31aeb383fe2df3800a4ca35edbe9c697093a13f1067f0292
-
SHA512
9315eb828d82ddecf54e2675ee495d481dcfe88e515dd41ccd8da1a0914b7cfad529027503700b05787fdb230fd5e646e82f3d43342723bd08cb5241de3ec572
-
SSDEEP
1536:m5Tzro/5XkgEUs6MB0nUQP9TswNnZ7UgIoDlklyEYwuoVMG5W7QZg7II/CwDPTxU:AO5Xk7Us6NnVACZpNklyBG5iWItD92v
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-