General

Target: a6d4e39429984f7a4d39a08e662cd0c9
Size: 531KB
Sample: 240226-t7cw8abd2z
MD5: a6d4e39429984f7a4d39a08e662cd0c9
SHA1: af1bcd0ef9d01b633bbb5136f0a3763465c968fe
SHA256: 43172b4c057c13284ff9409e7e9602403dc91c6eb7702a1e653fd26213ad462f
SHA512: 96b5629c72f90e9267372e46e189926d268598c7bad4af465c5eb3727d4e0b235ff8a0d5098f90ebf3af8612f738024a4ede6fab361da14adb97643fe026cebc
SSDEEP: 12288:Blp+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvXOr8rR+XcExv:AluWQ
Static task: static1
Behavioral task: behavioral1
Sample: a6d4e39429984f7a4d39a08e662cd0c9.exe
Resource: win7-20240221-en
Malware Config

Extracted family: netwire
C2: 193.23.127.96:5004
activex_autorun: false
copy_executable: false
delete_original: false
host_id: BILLAZ
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false

Reading the flags together: with copy_executable, registry_autorun and activex_autorun all false, this build does not copy itself and sets up no Run-key or ActiveX persistence, and with use_mutex false there is no mutex to check for. The one host-side artifact the config itself promises is the offline keylogger's log directory under %AppData%\Logs\, and the one network artifact is the C2 endpoint 193.23.127.96 on TCP port 5004.
Targets

Target: a6d4e39429984f7a4d39a08e662cd0c9 (the same 531KB file described under General; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed there)

- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way injected code is handed execution in a suspended or hollowed process, which is consistent with the RAT payload detection above.
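The extracted config and the signature hits above translate directly into hunt logic. The following is an added example written for this report, not tooling from the sandbox or from the NetWire family; it turns the config fields into indicators and runs them over a few constructed telemetry events. Assumptions: the event dictionaries and the AppData path are invented for illustration, and the registry country-code lookup is assumed to be the standard HKCU\Control Panel\International\Geo\Nation value.

```python
"""Hunt logic derived from the NetWire config and signatures in this report.

Added example, not the sandbox's own code. The telemetry format, the
AppData path and the Geo\\Nation registry key are assumptions, not facts
recorded on the page.
"""
from typing import Any, Dict, List, Tuple

# Config fields copied verbatim from the "Malware Config" section above.
NETWIRE_CONFIG: Dict[str, Any] = {
    "c2": "193.23.127.96:5004",
    "activex_autorun": False,
    "copy_executable": False,
    "delete_original": False,
    "host_id": "BILLAZ",
    "keylogger_dir": "%AppData%\\Logs\\",
    "lock_executable": False,
    "offline_keylogger": True,
    "password": "Password",
    "registry_autorun": False,
    "use_mutex": False,
}

# Assumption: "country code configured in the registry" means the usual
# HKCU\Control Panel\International\Geo\Nation value (compared lower-cased).
GEO_NATION_KEY = r"control panel\international\geo\nation"


def derive_iocs(cfg: Dict[str, Any],
                appdata: str = r"C:\Users\victim\AppData\Roaming") -> Dict[str, Any]:
    """Turn config flags into things a responder can look for.
    `appdata` is a constructed example path; expand it against the real profile."""
    host, port = cfg["c2"].rsplit(":", 1)
    keylog_dir = cfg["keylogger_dir"].replace("%AppData%", appdata).rstrip("\\")
    return {
        "c2_host": host,
        "c2_port": int(port),
        # offline_keylogger true: keystrokes accumulate on disk, so the directory is a hunt target.
        "keylog_dir": keylog_dir.lower(),
        # Both autorun flags false: no Run-key/ActiveX persistence is expected,
        # so a clean Run key says nothing about whether the host was infected.
        "expects_persistence": cfg["registry_autorun"] or cfg["activex_autorun"],
        "expects_mutex": cfg["use_mutex"],
        "runs_from_original_path": not cfg["copy_executable"],
    }


def classify_event(ev: Dict[str, Any], iocs: Dict[str, Any]) -> List[str]:
    """Return the hunt tags one constructed telemetry event matches."""
    tags: List[str] = []
    kind = ev.get("type")
    if kind == "network" and ev.get("dst") == iocs["c2_host"] and ev.get("dport") == iocs["c2_port"]:
        tags.append("netwire_c2")
    elif kind == "registry" and ev.get("op") == "QueryValue" \
            and ev.get("key", "").lower().endswith(GEO_NATION_KEY):
        tags.append("geo_nation_lookup")  # the "Checks computer location settings" signature
    elif kind == "file" and ev.get("op") == "Write" \
            and ev.get("path", "").lower().startswith(iocs["keylog_dir"] + "\\"):
        tags.append("keylogger_write")
    elif kind == "api" and ev.get("name") == "SetThreadContext" \
            and ev.get("target_pid") != ev.get("pid"):
        tags.append("remote_thread_context")  # cross-process SetThreadContext, as flagged above
    return tags


def hunt(events: List[Dict[str, Any]], iocs: Dict[str, Any]) -> List[Tuple[int, str]]:
    """Run every event through classify_event and return (index, tag) pairs."""
    hits: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        for tag in classify_event(ev, iocs):
            hits.append((i, tag))
    return hits


# Constructed telemetry for the demo, not events captured from the sandbox run.
# Two benign events (DNS to 8.8.8.8, a same-process SetThreadContext) are mixed in.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {"type": "network", "dst": "8.8.8.8", "dport": 53},
    {"type": "registry", "op": "QueryValue", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "api", "name": "SetThreadContext", "pid": 1200, "target_pid": 1208},
    {"type": "api", "name": "SetThreadContext", "pid": 1200, "target_pid": 1200},
    {"type": "file", "op": "Write", "path": r"C:\Users\victim\AppData\Roaming\Logs\2024-02-26.log"},
    {"type": "network", "dst": "193.23.127.96", "dport": 5004},
]

if __name__ == "__main__":
    for idx, tag in hunt(SAMPLE_EVENTS, derive_iocs(NETWIRE_CONFIG)):
        print(idx, tag, SAMPLE_EVENTS[idx])
```

The point of `derive_iocs` is the negative information as much as the positive: because this build sets no autorun and no mutex, the absence of a Run key or a named mutex on a suspect host rules nothing out, and the keylogger directory plus the C2 endpoint are the artifacts worth querying first.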