General
Target: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06.zip
Size: 668KB
Sample: 240402-q6rgfacb8x
MD5: f2b9252dcf0bf16c5ffc3f8003219f00
SHA1: c8f14cb1102928214445065a5d885b4d7577cf56
SHA256: cdf8b484121e8b872db86fc75be27073a0d1be264e5f106d890d6f9bba69d16a
SHA512: bb2f62c9e77d3ad06627c0a04266509b3c249ce879056f044c4a60b65c4d8a9fec05716d1ebba6ac2e5233d37c1c90f959bf2b49f0439a0331e1cbdcd5142b7d
SSDEEP: 12288:pL0vmcJxB9ZXxdu+lb6YmEzXH2F1AASh0KM+Ffk5JbtbZjOXu1rDY:F0/19FmEzXH2kASw+efbdZad
Static task: static1
Behavioral task: behavioral1
Sample: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06.exe
Resource: win7-20240221-en
Malware Config
Extracted
netwire
halwachi50.mymediapc.net:5868
activex_autorun: false
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06.exe
Size: 1.1MB
MD5: 9c6d1aca02db373a52401485c376d87e
SHA1: 9cc4435729a11d7c524d761b67de508b4474b206
SHA256: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06
SHA512: 9f4aaadf939a97e2354f18ef1943594edf2c6eb04852e4fecc68ff1eeee9146ff1ec1ac26191f8c9435e39b765da23f14aa835313de670d3235e6b4eb890955d
SSDEEP: 24576:iCdxte/80jYLT3U1jfsWa/69ryeoEuGfYsoRzDQ:zw80cTsjkWa/FR4
NetWire RAT payload
Executes dropped EXE
Loads dropped DLL
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext