General
-
Target
c964e2f4c8334fa8a54f30ac9db0a883e9e93bc93e6d532f451f9b7f41295986
-
Size
356KB
-
Sample
240410-rf2p6adf4w
-
MD5
a77833d689be13eae622d48f8a5a8b12
-
SHA1
0e96529a4ed136cd24602d074e7d70e8ae73a143
-
SHA256
c964e2f4c8334fa8a54f30ac9db0a883e9e93bc93e6d532f451f9b7f41295986
-
SHA512
83e9ce66e5aee43b514d7d2a2b92c9fe3dc261ba250c94a0788066c7cf85bbed15f24f841e4d4e65ae9ce6cb2636f6933f7ed067b721a7a51e53b49f42f46652
-
SSDEEP
6144:Bz+92mhAMJ/cPl3i8/oYt9AHvjcQxV8uqtxazGoygDNO4PIurw0+Rfjr5:BK2mhAMJ/cPlJp9AblH/2KBMurUf5
Static task
static1
Behavioral task
behavioral1
Sample
c964e2f4c8334fa8a54f30ac9db0a883e9e93bc93e6d532f451f9b7f41295986.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c964e2f4c8334fa8a54f30ac9db0a883e9e93bc93e6d532f451f9b7f41295986.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
netwire
knudandersen.zapto.org:21000
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
UD.28.02.17
-
keylogger_dir
C:\NVIDIA\profile\
-
lock_executable
false
-
offline_keylogger
true
-
password
1@wi%252ReNd5y0576Z*
-
registry_autorun
false
-
use_mutex
false
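The extracted configuration above is the most useful part of this report for a responder: it gives the C2 host and port, the campaign identifier (host_id), the directory the offline keylogger writes to, and shows that every persistence switch in this build (registry_autorun, activex_autorun, copy_executable) is off. The following Python is an added example, not the sandbox's own extractor or any NetWire tooling; it parses the flattened key/value dump into typed fields, derives the indicators to hunt on, and matches constructed DNS and firewall log lines against the C2. The function names, the NetwireConfig dataclass and the sample log lines are all assumptions made for this example.

```python
"""
Parse a flattened NetWire config dump (key on one line, value on the next,
"-" as separator) into typed fields and derive hunt indicators from it.
Added example; not code from the sandbox or from the malware family.
"""
import re
from dataclasses import dataclass, field

# Constructed input: the "Malware Config / Extracted" block from this report,
# reproduced as it is laid out on the page.
RAW_CONFIG = r"""
netwire
knudandersen.zapto.org:21000
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
UD.28.02.17
-
keylogger_dir
C:\NVIDIA\profile\
-
lock_executable
false
-
offline_keylogger
true
-
password
1@wi%252ReNd5y0576Z*
-
registry_autorun
false
-
use_mutex
false
"""

# Constructed log lines (assumed format) used to demonstrate matching.
SAMPLE_LOGS = [
    "2024-04-10T12:00:01Z dns query client=10.0.0.5 qname=knudandersen.zapto.org qtype=A",
    "2024-04-10T12:00:02Z fw allow src=10.0.0.5 dst=203.0.113.10:21000 proto=tcp",
    "2024-04-10T12:00:03Z dns query client=10.0.0.7 qname=update.example.com qtype=A",
]


@dataclass
class NetwireConfig:
    family: str
    c2_host: str
    c2_port: int
    options: dict = field(default_factory=dict)


def _coerce(value: str):
    """Turn the sandbox's 'true'/'false' strings into bools; keep the rest as text."""
    low = value.lower()
    return low == "true" if low in ("true", "false") else value


def parse_flat_config(text: str) -> NetwireConfig:
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    family, c2 = lines[0], lines[1]
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 line: {c2!r}")
    body = lines[2:]
    if len(body) % 2:
        raise ValueError("dangling key without a value")
    options = {k: _coerce(v) for k, v in zip(body[0::2], body[1::2])}
    return NetwireConfig(family, host, int(port), options)


def persists_on_reboot(cfg: NetwireConfig) -> bool:
    """True if the build's own autorun switches are enabled (this one has none)."""
    return any(cfg.options.get(k) is True for k in ("registry_autorun", "activex_autorun"))


def indicators(cfg: NetwireConfig) -> dict:
    """The fields a hunt would pivot on: C2, keylog drop directory, campaign id."""
    return {
        "c2_domain": cfg.c2_host,
        "c2_port": cfg.c2_port,
        "keylog_dir": cfg.options.get("keylogger_dir"),
        "campaign_id": cfg.options.get("host_id"),
    }


def match_c2_logs(cfg: NetwireConfig, log_lines) -> dict:
    """Split hits into strong (C2 domain seen) and weak (only the C2 port seen)."""
    domain_re = re.compile(re.escape(cfg.c2_host), re.IGNORECASE)
    port_re = re.compile(rf"(?::|port=){cfg.c2_port}\b")
    domain_hits = [ln for ln in log_lines if domain_re.search(ln)]
    port_hits = [ln for ln in log_lines if port_re.search(ln) and not domain_re.search(ln)]
    return {"domain_hits": domain_hits, "port_hits": port_hits}


if __name__ == "__main__":
    cfg = parse_flat_config(RAW_CONFIG)
    print(indicators(cfg), "persists:", persists_on_reboot(cfg))
    print(match_c2_logs(cfg, SAMPLE_LOGS))
```

Because none of the autorun switches are set, a host that rebooted will not be re-infected by this build on its own; the durable artefacts to look for are the keylogger output under the configured directory and connections to the C2 host, which is why the matcher treats the bare port as a weak signal and the domain as a strong one.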
Targets
-
Target
c964e2f4c8334fa8a54f30ac9db0a883e9e93bc93e6d532f451f9b7f41295986
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-