General
Target: bbd1ce2a74f6e12fa21e8aeb3bb55682
Size: 1.3MB
Sample: 240309-pr319afg39
MD5: bbd1ce2a74f6e12fa21e8aeb3bb55682
SHA1: a33778d7cfb8f2a1108e96a61cffe513d3e2474d
SHA256: 11084f0e466c6e14a898cd1e806dcfddc4ae3c7819a617c3d0a54490989ba559
SHA512: 696ed4730398ceb40dcb24b31c6cdc7b275e9847c931cceecd148ade23e98f1d33c940a6937ab91077bab6bf741b518a30be4c69443d65ddaec8e7dd6e32d6cc
SSDEEP: 24576:oNVMrtDwm6k97VERFo9SZL2g3i/gs89UrmMnfk/iQ2+S0d:oArtDp99ZUkSZLHi/gsaU9fk/Pj
Static task: static1
Behavioral task: behavioral1
Sample: bbd1ce2a74f6e12fa21e8aeb3bb55682.exe
Resource: win7-20240221-en
Malware Config
Extracted: netwire
night90.ddns.net:8999
activex_autorun: false
copy_executable: false
delete_original: false
host_id: New-stub
keylogger_dir: %AppData%\Logs\
lock_executable: true
mutex: soHOGwSb
offline_keylogger: true
password: teamoluwa1
registry_autorun: false
use_mutex: true
Targets
Target: bbd1ce2a74f6e12fa21e8aeb3bb55682
Size: 1.3MB
MD5: bbd1ce2a74f6e12fa21e8aeb3bb55682
SHA1: a33778d7cfb8f2a1108e96a61cffe513d3e2474d
SHA256: 11084f0e466c6e14a898cd1e806dcfddc4ae3c7819a617c3d0a54490989ba559
SHA512: 696ed4730398ceb40dcb24b31c6cdc7b275e9847c931cceecd148ade23e98f1d33c940a6937ab91077bab6bf741b518a30be4c69443d65ddaec8e7dd6e32d6cc
SSDEEP: 24576:oNVMrtDwm6k97VERFo9SZL2g3i/gs89UrmMnfk/iQ2+S0d:oArtDp99ZUkSZLHi/gsaU9fk/Pj

Signatures
NetWire RAT payload
Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext