General
-
Target
e0143cf54d109163f0f807816907b3e375170dd9ce576164a519efba66983459_timedlll.exe
-
Size
484KB
-
Sample
230120-hafq3ace4y
-
MD5
8f18d06bd4d22a313565373d9e638ebc
-
SHA1
9e83aa2284e2c2094d649b909d50b885c4193fe5
-
SHA256
e0143cf54d109163f0f807816907b3e375170dd9ce576164a519efba66983459
-
SHA512
efd124190ccef60f2826e0a608dbc5d2c5f9d75a57c0eb2dec874592e6bc8f5a38155e6b81590c038a6a1009fa93e410daa5cb01f15a1f2ee4340ab98a9702c8
-
SSDEEP
6144:ql41F6zaFhj4pgKTmUK5vN5vdKrV1T8xt2+ilHsPerH6inevq4Wl:ql46Qhj4prSpVRduVJ8++9mrLevzWl
Static task
static1
Behavioral task
behavioral1
Sample
e0143cf54d109163f0f807816907b3e375170dd9ce576164a519efba66983459_timedlll.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
185.145.45.41:3368
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
fuwqWcrJ
-
offline_keylogger
true
-
password
Gentle123
-
registry_autorun
false
-
use_mutex
true
Targets
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-