Extracted

• • Target

    326b237d1f819edd5ea19acee3024aaa

  • Size

    583KB

  • MD5

    326b237d1f819edd5ea19acee3024aaa

  • SHA1

    e3d9944f861bc7c45d90412f65b5a209338421e8

  • SHA256

    cc006f644e2b0f749f19d035d0d1e31989c20c23ad451bfcd3bad2e92855d852

  • SHA512

    d529bce4b0df17138d0da46f85377aaa0bd35edd922e38f580d025daa7b1aeb6ff3c0a3d78d70c5a1170a734f614bf3cbe3b67b52355286ab6a9d098dd15b0b3

  • SSDEEP

    12288:FGN25zHA8PnKyawsk62JG4i5FTTv22mhwTJwr9yzIHZD725qEPen2Vu:F42pH5nXnJnsNb22me49yzIHZD7

  Score

  10^/10

  netwirebotnetratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2