General
-
Target
28eb29aabfe6c68511909945bd976616
-
Size
598KB
-
Sample
231231-fhjrksffgr
-
MD5
28eb29aabfe6c68511909945bd976616
-
SHA1
9c5d926e524ede76bb2dd6036b303200913f951d
-
SHA256
8a26342451ab7905a025df6591bb15c0cae7fbb80267370df236e40286ee6d93
-
SHA512
d1c9ba8e2300db7c5b6c75d769360bab8e8e87cfe71f17e31c574a71b36c8f2b00385b3e1f2bfc1263c0293db2f09e4f8594759a0bc7ff934b5bf5b1cbf26a7e
-
SSDEEP
12288:rJz0TrCqVM8UoAs4fg4xbFs9lLaAgev1pS4aCkFdqri9VWQMkbx/yMFqNfuw:FirCkUo8fLBqmze9pS4a7qu9VdMkbIM8
Behavioral task
behavioral1
Sample
28eb29aabfe6c68511909945bd976616.exe
Resource
win7-20231215-en
Malware Config
Extracted
Family: netwire
C2: automan.duckdns.org:3382
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
HDPAYslj
-
offline_keylogger
true
-
password
onelove82
-
registry_autorun
true
-
startup_name
NetWire
-
use_mutex
true
Targets
-
-
Target
28eb29aabfe6c68511909945bd976616
-
Size
598KB
-
MD5
28eb29aabfe6c68511909945bd976616
-
SHA1
9c5d926e524ede76bb2dd6036b303200913f951d
-
SHA256
8a26342451ab7905a025df6591bb15c0cae7fbb80267370df236e40286ee6d93
-
SHA512
d1c9ba8e2300db7c5b6c75d769360bab8e8e87cfe71f17e31c574a71b36c8f2b00385b3e1f2bfc1263c0293db2f09e4f8594759a0bc7ff934b5bf5b1cbf26a7e
-
SSDEEP
12288:rJz0TrCqVM8UoAs4fg4xbFs9lLaAgev1pS4aCkFdqri9VWQMkbx/yMFqNfuw:FirCkUo8fLBqmze9pS4a7qu9VdMkbIM8
-
NetWire RAT payload
-
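Executes dropped EXE (consistent with copy_executable: true and install_path %AppData%\Install\Host.exe in the extracted config)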
-
Loads dropped DLL
-
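Adds Run key to start application (persistence; consistent with registry_autorun: true and startup_name NetWire in the extracted config)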
-