General
Target: 4dbb425ffb7d19f5f1f21d2dec7debde_JaffaCakes118
Size: 428KB
Sample: 240331-flfjbsea9x
MD5: 4dbb425ffb7d19f5f1f21d2dec7debde
SHA1: 8a478e6c6445bf614780a8e1475512a7ed7d6ef2
SHA256: 2ca2abda19a7c835b993e6abd1b8e1c3595dd70ca41b7003cc9f59da54b7d60a
SHA512: 0511a482a34f92b186c595a69698791efeb07680af940f4e3340c82182e38f1938ee1cc0816a3694dfef13dd78fa882712bdc5ef9a528c001d970387fe7c9680
SSDEEP: 6144:Oo52R+7qeqtWqaITaUx55ADZA9AjL2v4qtfyRCkruCLbp5E3Auv4wdk:fU+7nyWqa+DsA9A37gfyRCu5Puv4wd
Static task: static1
Behavioral task: behavioral1
Sample: 4dbb425ffb7d19f5f1f21d2dec7debde_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Extracted
netwire
wirenetwire.duckdns.org:4044
activex_autorun: false
copy_executable: false
delete_original: false
host_id: UPDATED
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: sDSjlYcs
offline_keylogger: true
password: Chizzy25@=
registry_autorun: false
use_mutex: true
Targets
Target: 4dbb425ffb7d19f5f1f21d2dec7debde_JaffaCakes118
NetWire RAT payload
-
Suspicious use of SetThreadContext
-