Extracted

• • Target

    04bbdd921511f861a0f57266f1b4df74_JaffaCakes118

  • Size

    1.2MB

  • MD5

    04bbdd921511f861a0f57266f1b4df74

  • SHA1

    9bc604264b0bbb72e4676a03410b362d13dfc4fe

  • SHA256

    0e96012b8943538086ce528e979199c5d70c30ed8baac4336f43ae02a410a769

  • SHA512

    29a1566adbee4a9271279af58f97746e1cb47f5cd3d046cf4cf7737dc59f9595f80aecca06ff7b9cdb18cd4377958cddb3ee984b1746ba2a954d1bfe1b316da1

  • SSDEEP

    24576:n6dCrRs7z+jfzalONIoo7LGOb7Bwew9s6yApEwviC9P:6YqO1o7/63pEq

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2