General
-
Target
3a391690055e204f6529d457f0b853e1
-
Size
395KB
-
Sample
231231-r4zkpsbad8
-
MD5
3a391690055e204f6529d457f0b853e1
-
SHA1
6fd780b87a40cf4e53c9753816e2a6e936874751
-
SHA256
d4f4db9b1a68038b8d1a8f5e775f05bb8de7d8c4d99c55d3f4ca433812006546
-
SHA512
96c4571abc83adb1ef7c90cd9a6d82c4d3d594a4bc715e16530a865dfaaf60076d9a3339eb90f04584d1fe4ed2f99c994e2446d6524ea9ea13dba4c441d16b28
-
SSDEEP
6144:RqjIReFkChRrQtxpTY0CfYvzUKhiStGyME5zA/u1vRrV:49keQNTY0CAvzUGYn0zAMZ
Static task
static1
Behavioral task
behavioral1
Sample
3a391690055e204f6529d457f0b853e1.exe
Resource
win7-20231215-en
Malware Config
Extracted
netwire
warin.hopto.org:4320
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
3a391690055e204f6529d457f0b853e1
-
NetWire RAT payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-