General
Target: 19b0fb5e861338f6b7ee3ec086da1181
Size: 716KB
Sample: 231230-qh3vkafcgp
MD5: 19b0fb5e861338f6b7ee3ec086da1181
SHA1: dd4410570e2518b18594d07f17b8642a85b33c89
SHA256: bdd94f6c8e2e63713ac295bd5b934ee2b182569f5c58bb3786b131e2b001b46d
SHA512: f54ba1e84a926e4813911e4028dea91fa9b84ebff7a49f5031bb8182a87bbe8e56ad17aee141433d802715a737a4056de2e3897fae90a127872c2b8ff508cb75
SSDEEP: 12288:CjeIhPtYaerhkngmJ39+I0yTVYpBKsc/+smDWE3eUu6Yaer:Y7MrhBe39XX38seqUmr
Static task: static1
Behavioral task: behavioral1
Sample: 19b0fb5e861338f6b7ee3ec086da1181.exe
Resource: win7-20231215-en
Malware Config
Extracted: netwire
193.23.127.96:5004
activex_autorun: false
copy_executable: false
delete_original: false
host_id: MENGX
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: 19b0fb5e861338f6b7ee3ec086da1181
NetWire RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext