General
-
Target
d496215fe5d301f81e4f0ca61d807b98
-
Size
402KB
-
Sample
240318-1g5b4sbc8y
-
MD5
d496215fe5d301f81e4f0ca61d807b98
-
SHA1
32c2e8d42051198c41fbe99de5da8d5cfd15d724
-
SHA256
3339e4e6b5d8d63f8cccda9ae91f59aac5832669ca0b68b8c8f9c163b5f80dbd
-
SHA512
ab8f48735d745eaa8232773dd735ee08b934bf75e83b460a436b3fd3026c2cd032deb7cac5ef1c094f4aac91bec05cf7b9129ad61051d0263f15aa808a9ff948
-
SSDEEP
6144:P+7PDE5m+7ihB/Mxmcw0UIbOb1hsn4TFfrNK26:IPDFwU5h24T90
Malware Config
Extracted
netwire
globalpersonaldns.ddns.net:54984
personalpractice1.hopto.org:54984
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
clients
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
vQSrxiLN
-
offline_keylogger
true
-
password
checkmate123
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
d496215fe5d301f81e4f0ca61d807b98
-
Size
402KB
-
MD5
d496215fe5d301f81e4f0ca61d807b98
-
SHA1
32c2e8d42051198c41fbe99de5da8d5cfd15d724
-
SHA256
3339e4e6b5d8d63f8cccda9ae91f59aac5832669ca0b68b8c8f9c163b5f80dbd
-
SHA512
ab8f48735d745eaa8232773dd735ee08b934bf75e83b460a436b3fd3026c2cd032deb7cac5ef1c094f4aac91bec05cf7b9129ad61051d0263f15aa808a9ff948
-
SSDEEP
6144:P+7PDE5m+7ihB/Mxmcw0UIbOb1hsn4TFfrNK26:IPDFwU5h24T90
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-