General

Target: q.exe
Size: 501KB
Sample: 230530-p9bpqahf58
MD5: 652fc19577a1b15de08758d231c5d591
SHA1: cd34ebea61157a9071408c9011e7e550dcd59afe
SHA256: f87a8af81a0a503f1d8471fd0aa278ab1c58ded1adb6d5c7f77d8146b2024dc6
SHA512: ebb13dcd595d04ee491dfbec4c45cb5d7304769fa7a50d529cebaa39a2cb07af9a10c56d35402ef15797da51ae2dc72ad03affc8af9d3316d185f542053e91e0
SSDEEP: 6144:FSUomEUi3+sMZ3xEYIrQ3XFhFnI1ow+/d0PkDRR197wVxbpHOmxr24jITMb2eqGM:wUomEFRu3xEPEZIhARngjQT/dGM

Static task: static1
Behavioral task: behavioral1
Sample: q.exe
Resource: win7-20230220-en
Malware Config

Extracted
Family: netwire
C2: 194.5.99.181:3360
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
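The extracted config above is directly actionable. The following Python is added here as a worked example; it is not part of the sandbox report and not NetWire code. It parses the flattened family / C2 / key-value layout exactly as it is printed above, emits a Suricata rule for the configured C2 endpoint, and matches that endpoint against a flow log. Only the indicator values come from the report; the parser, the rule template (including its sid range) and the flow log lines are constructed assumptions.

```python
"""Working IOCs from the report above: parse the flattened NetWire config,
emit Suricata rules for its C2 and match a flow log. Added example; the parser,
rule template (incl. sid range) and flow log are constructed, not from the report."""
import re
from typing import Dict, List, Tuple

# Flattened "family / host:port / - / key / value" config exactly as reported.
RAW_CONFIG = """\
netwire
194.5.99.181:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(raw: str) -> Dict:
    """First line is the family, then host:port lines, then '-'-separated key/value pairs."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    family, rest = lines[0], lines[1:]
    c2: List[Tuple[str, int]] = []
    i = 0
    while i < len(rest) and (m := C2_RE.match(rest[i])):
        c2.append((m.group(1), int(m.group(2))))
        i += 1
    fields = [ln for ln in rest[i:] if ln != "-"]
    if not c2 or len(fields) % 2:
        raise ValueError("no C2 endpoint, or a key with no value")
    options = {k: {"true": True, "false": False}.get(v.lower(), v)
               for k, v in zip(fields[0::2], fields[1::2])}
    return {"family": family, "c2": c2, "options": options}


def suricata_rules(cfg: Dict, base_sid: int = 9000001) -> List[str]:
    """One outbound-TCP alert per C2 endpoint; the sid range is an assumption."""
    return [
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"{cfg["family"]} C2 {host}:{port}"; flow:to_server; '
        f'sid:{base_sid + n}; rev:1;)'
        for n, (host, port) in enumerate(cfg["c2"])
    ]


# Constructed flow log (not from the report): timestamp src dst:port action.
FLOW_LOG = """\
2023-05-30T10:01:02Z 10.0.0.15 142.250.74.46:443 ALLOW
2023-05-30T10:01:09Z 10.0.0.15 194.5.99.181:3360 ALLOW
2023-05-30T10:02:11Z 10.0.0.22 194.5.99.181:443 ALLOW
2023-05-30T10:03:40Z 10.0.0.15 194.5.99.181:3360 DENY
"""


def c2_hits(cfg: Dict, flow_log: str) -> List[Tuple[str, str]]:
    """(timestamp, source) for every flow to a configured host:port, denied ones included."""
    targets = {f"{h}:{p}" for h, p in cfg["c2"]}
    hits = []
    for line in flow_log.splitlines():
        ts, src, dst, _action = line.split()
        if dst in targets:
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg, *suricata_rules(cfg), c2_hits(cfg, FLOW_LOG), sep="\n")
```

The flow matcher keys on host:port on purpose, so the 194.5.99.181:443 line in the constructed log is not reported; widen it to the bare host if you want the same server on any port, at the cost of more noise. Denied flows are kept because a blocked beacon still identifies an infected host.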
Targets

Target: q.exe
Size: 501KB
MD5: 652fc19577a1b15de08758d231c5d591
SHA1: cd34ebea61157a9071408c9011e7e550dcd59afe
SHA256: f87a8af81a0a503f1d8471fd0aa278ab1c58ded1adb6d5c7f77d8146b2024dc6
SHA512: ebb13dcd595d04ee491dfbec4c45cb5d7304769fa7a50d529cebaa39a2cb07af9a10c56d35402ef15797da51ae2dc72ad03affc8af9d3316d185f542053e91e0
SSDEEP: 6144:FSUomEUi3+sMZ3xEYIrQ3XFhFnI1ow+/d0PkDRR197wVxbpHOmxr24jITMb2eqGM:wUomEFRu3xEPEZIhARngjQT/dGM

Signatures
NetWire RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext (the call used to redirect a thread in process hollowing and thread-hijacking injection)

Note that the extracted config sets both registry_autorun and activex_autorun to false, so the startup file is most plausibly written by the dropper stage (the sample executes a dropped EXE and loads a dropped DLL) rather than by the NetWire payload's own persistence options.