General
-
Target
13582886598.zip
-
Size
195KB
-
Sample
231213-vbh9ssggg2
-
MD5
dc7acb736eec86bc66dae3bd941f988f
-
SHA1
f9fcdcb4e3345bbdda64e95ff747b510dc46d490
-
SHA256
dcc4af519ed021c7b1c594cf1104a6b838429d1cb3ca47e02cc9bc6c8769d06f
-
SHA512
53b07162ecd740c87a03f30dce98fc0c81076d7c262b12ed86ad83ee0e413a541a1a1e6a0bfe0a7e1251ac3ab6248d9c45ed883ef153ff2e4a0183e701454568
-
SSDEEP
3072:lHA+j5pipmX9zURCznhJ/2uw2rCefZzNsJJHhXOWASh5IGHLWlxqSLFOjdrCqFX7:lHNUmZOKYbXfNlHLWlxqSLFuLivK
Static task
static1
Behavioral task
behavioral1
Sample
034b4f536122bfd18c63918b463df212ad9a43bd753484a6e93d353e712d7d78.exe
Resource
win7-20231023-en
Malware Config
Extracted
netwire
juham.100chickens.me:6969
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
OkhNuHjk
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
true
Targets
-
Target
034b4f536122bfd18c63918b463df212ad9a43bd753484a6e93d353e712d7d78
-
Size
696KB
-
MD5
f0f69339679c29c7e62f98a53c86f957
-
SHA1
4ff06109a2909749c7fee2b23b075318aa0a2761
-
SHA256
034b4f536122bfd18c63918b463df212ad9a43bd753484a6e93d353e712d7d78
-
SHA512
aadde0074978e29c03c27428651e6cb21ea5afcf62a232ae6f19df6cc9fec3e8b5ec5d8d26b00718d8385083b8b6fca40d702fbabe525e0d982b159d6c818036
-
SSDEEP
3072:eV4rwV8Tqs77pmODtp8w/DrOCFZNTqz2ssM8oHZakAKXRdBlXKjNXFwycvxo0s5C:eVS77p982P7NG32KB1X22ycpozAzAti
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Suspicious use of SetThreadContext