General
-
Target
e6070636712b78e3090af9950d827e753dda9ef5e00b6c1ba44dacf699019d7f
-
Size
289KB
-
Sample
230129-y77ttade7v
-
MD5
66af9d7fad140a1419ce8f3d0bdb1bdf
-
SHA1
e608b651540460390916bb7fa28aab035a9d21af
-
SHA256
e6070636712b78e3090af9950d827e753dda9ef5e00b6c1ba44dacf699019d7f
-
SHA512
b1cc8309a2b568e1433e4ec629f80335c36f7701890ac8703f7c6134e83aa87c8f007fa7510f685004c06a2417cfba57940153b7a131a4d364c28a2d2a745755
-
SSDEEP
6144:Mb9yVQu5dZwkwpHKSgGOZVh4rpoSPB6VKYGlnbnrfnnnGFnfnnnvuMonnnnnfnnX:x6UQ3pHcGOzqrGSPB6V3G7eO
Malware Config
Extracted
netwire
porshe.camdvr.org:1603
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
e6070636712b78e3090af9950d827e753dda9ef5e00b6c1ba44dacf699019d7f
-
Size
289KB
-
MD5
66af9d7fad140a1419ce8f3d0bdb1bdf
-
SHA1
e608b651540460390916bb7fa28aab035a9d21af
-
SHA256
e6070636712b78e3090af9950d827e753dda9ef5e00b6c1ba44dacf699019d7f
-
SHA512
b1cc8309a2b568e1433e4ec629f80335c36f7701890ac8703f7c6134e83aa87c8f007fa7510f685004c06a2417cfba57940153b7a131a4d364c28a2d2a745755
-
SSDEEP
6144:Mb9yVQu5dZwkwpHKSgGOZVh4rpoSPB6VKYGlnbnrfnnnGFnfnnnvuMonnnnnfnnX:x6UQ3pHcGOzqrGSPB6V3G7eO
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Suspicious use of SetThreadContext
-