General
-
Target
ad20d9236999ff2f32e65dc2876b1e6981fb26fe48dab4cc2fe2f419516a6a23
-
Size
219KB
-
Sample
240417-qa9cdage58
-
MD5
50ab29914b3fb158a3c337f3d654c8ae
-
SHA1
d7db548523de40cc077bef975c4d699218d1cb92
-
SHA256
ad20d9236999ff2f32e65dc2876b1e6981fb26fe48dab4cc2fe2f419516a6a23
-
SHA512
7866c2dc7bdad245db77d8a4a27b9e62e2b24a2873b5cab00be45bf1e2d791cd9bcfa52e802ea0569fd8f0ba53343ec001fad8d72aa40be82547077aeb82efde
-
SSDEEP
6144:kYKcrLA6Cd3YQK7irS2cxjQaNoeopGUoSI:klcHA6k3K+EXlsoSI
Malware Config
Extracted
netwire
forgiveme.workisboring.com:3360
-
activex_autorun
true
-
activex_key
{TN38RH36-U670-03U7-57DE-24XMTWQBHGH1}
-
copy_executable
true
-
delete_original
false
-
host_id
bendal
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
centosffjk
-
use_mutex
false
Targets
-
-
Target
d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.exe
-
Size
432KB
-
MD5
9b07a0fdaa64049e857b3982eeb3a575
-
SHA1
63d7d2eefd78ee4736243c8e32c305366603c579
-
SHA256
d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b
-
SHA512
49db3c66ee829534937ba0cc8f62f568cc04891b141e402d5c2c7961335efbd453f33bc57b218f9cf609b4a665df4b31810d4215d6e994c03934264b184c770a
-
SSDEEP
6144:SPn3xY3d6ND9D/S4mAC09X1Qd6pOzWqGLDUz7j42W3Llin:SLNoS1Y6pq1AUvjW3Un
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-