General
-
Target
467ef57122a909dadc6824af7c479e429cbd53428edece7472eec5993c2568d6
-
Size
750KB
-
Sample
230210-he2jbsfa21
-
MD5
278373101cd2d204770e3c8a364eab7f
-
SHA1
4f693009a539fa5179ac1d0e9c52e9f9f87c8032
-
SHA256
467ef57122a909dadc6824af7c479e429cbd53428edece7472eec5993c2568d6
-
SHA512
a9cfe1ce7ca9e10c78c2aaff8175a24567a378ebd0f45802ad63bd590c3b23b1d59be8cd35a32d5bba334dacdc93accba9169c00110a922cc705889963cd101d
-
SSDEEP
12288:YYzfWMiSSSSSSSSSSSSSSSS8SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSh:YYr7iSSSSSSSSSSSSSSSS8SSSSSSSSS5
Malware Config
Extracted
netwire
oneness.duckdns.org:3368
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
INFLOWS
-
lock_executable
false
-
offline_keylogger
false
-
password
Shedyville
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
467ef57122a909dadc6824af7c479e429cbd53428edece7472eec5993c2568d6
-
Size
750KB
-
MD5
278373101cd2d204770e3c8a364eab7f
-
SHA1
4f693009a539fa5179ac1d0e9c52e9f9f87c8032
-
SHA256
467ef57122a909dadc6824af7c479e429cbd53428edece7472eec5993c2568d6
-
SHA512
a9cfe1ce7ca9e10c78c2aaff8175a24567a378ebd0f45802ad63bd590c3b23b1d59be8cd35a32d5bba334dacdc93accba9169c00110a922cc705889963cd101d
-
SSDEEP
12288:YYzfWMiSSSSSSSSSSSSSSSS8SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSh:YYr7iSSSSSSSSSSSSSSSS8SSSSSSSSS5
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-