General
-
Target
6FC817F7C53BEEA30C55D55779CEF31D.exe
-
Size
467KB
-
Sample
240417-selszseg5v
-
MD5
6fc817f7c53beea30c55d55779cef31d
-
SHA1
ec9f6005ccbc9b8f3286445e9d071c3f3751d52b
-
SHA256
9be6abe91db5212e333a086a8f9db157c08f7cf1eeb9020f6cf13444ddab8036
-
SHA512
5ecbe0be020007f8deb7b9471a23345863368a149790ca026517831339d167c37a50c65a91c449cdae1d090d17cc31638298fa5a98ac99feff6f77587cbea0f4
-
SSDEEP
6144:j2OGscfKNO6bRDnqY9Nt3o9LresPnp4v26BEWwmJR5QeV3rQCVsOI0XlAU9k:27fKNx9+Wz0OsKVElwLVO0XlF9k
Malware Config
Extracted
netwire
dnsresoIve.ns01.US:15111
dnsresolve.srz2l6.com:15111
PLUGINUPDATES.duckdns.org:15111
updateavlocalgenuine.com:15111
localupdate.ns02.info:15111
dnsresolve.nsl1.cc:15111
dnsresolve.srs8l2.com:15111
-
activex_autorun
false
-
activex_key
{A3N5KUJ4-U7S4-6J45-1DJ6-32HM4W8Q0615}
-
copy_executable
false
-
delete_original
false
-
host_id
AVR-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
DuleX
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
6FC817F7C53BEEA30C55D55779CEF31D.exe
-
Size
467KB
-
MD5
6fc817f7c53beea30c55d55779cef31d
-
SHA1
ec9f6005ccbc9b8f3286445e9d071c3f3751d52b
-
SHA256
9be6abe91db5212e333a086a8f9db157c08f7cf1eeb9020f6cf13444ddab8036
-
SHA512
5ecbe0be020007f8deb7b9471a23345863368a149790ca026517831339d167c37a50c65a91c449cdae1d090d17cc31638298fa5a98ac99feff6f77587cbea0f4
-
SSDEEP
6144:j2OGscfKNO6bRDnqY9Nt3o9LresPnp4v26BEWwmJR5QeV3rQCVsOI0XlAU9k:27fKNx9+Wz0OsKVElwLVO0XlF9k
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
Suspicious use of SetThreadContext
-