Extracted

• • Target

    5ddc7639a86c6272811ef5b3cbf06a2c

  • Size

    515KB

  • MD5

    5ddc7639a86c6272811ef5b3cbf06a2c

  • SHA1

    2efbb07cc0b65bd88598183cf88aa83adf2756e7

  • SHA256

    b29638fef231eba58ea2533bb14fc23362d2b85abe7e6387aca200a0c3a94f97

  • SHA512

    01d6ec8ea5ebba0dd7e0d99a2bfdcbb4c420ac74ac1a94b9b41537a285ae9e994d9082c2ece8767e4cc43f8e5094d6a59b3f304fe1a8931821d3932de3fde7b4

  • SSDEEP

    12288:l94+i7AV0Rp6XSNs6vwPwLDtpU6CO+blYB0+fj2psp60:l9PULsYCKk6CO+

  Score

  10^/10

  netwirebotnetratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2