General
-
Target
330030200cc5fef9c401ea03f4e059edf0ed4ed796a85e1c47811fe3c357a82d
-
Size
259KB
-
Sample
230129-1vjybsed64
-
MD5
97f6dd2d43b776c7f9f7f8d985a0b402
-
SHA1
7462e4bdeae43fe70ed0f93c9c30eeecff920e3b
-
SHA256
330030200cc5fef9c401ea03f4e059edf0ed4ed796a85e1c47811fe3c357a82d
-
SHA512
9b10cfddeadaabba0ffc16e1cd20e9f2e2e6c09d72defa1d5a4c7359e2ab5ebcbe5fe1f3854718ea84a32b15f353038e81f85bf31379410142a941ac379168b0
-
SSDEEP
6144:9uVa4A3EhKoeM0sOQzu0zASuFv11XVK18b9cX665eu/88e3XSdx9pV:sa4A3EY30zAdRSa9cXJ5D88eHSdxf
Malware Config
Extracted
netwire
wealthyjamesbond.ddns.net:39560
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
sunshineslisa
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\Imgburn\
-
lock_executable
false
-
mutex
TBChOWFk
-
offline_keylogger
true
-
password
sucess
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
330030200cc5fef9c401ea03f4e059edf0ed4ed796a85e1c47811fe3c357a82d
-
Size
259KB
-
MD5
97f6dd2d43b776c7f9f7f8d985a0b402
-
SHA1
7462e4bdeae43fe70ed0f93c9c30eeecff920e3b
-
SHA256
330030200cc5fef9c401ea03f4e059edf0ed4ed796a85e1c47811fe3c357a82d
-
SHA512
9b10cfddeadaabba0ffc16e1cd20e9f2e2e6c09d72defa1d5a4c7359e2ab5ebcbe5fe1f3854718ea84a32b15f353038e81f85bf31379410142a941ac379168b0
-
SSDEEP
6144:9uVa4A3EhKoeM0sOQzu0zASuFv11XVK18b9cX665eu/88e3XSdx9pV:sa4A3EY30zAdRSa9cXJ5D88eHSdxf
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-