General
-
Target
0a6886bdf35cdcc9a22d5d3170d701e0_JaffaCakes118
-
Size
1.1MB
-
Sample
240430-xtcwvafg35
-
MD5
0a6886bdf35cdcc9a22d5d3170d701e0
-
SHA1
e953b5e127597851b3f283ef3b039e2fa44127a5
-
SHA256
0a852cb2b5df5b5a1ad60663ae63a6439a97760436f4e53d6aa8c61ed7b6510b
-
SHA512
1bc59d47a33c3d881a07cb6898456840037dbf1ff4cac0aaeaee94efc1f9e0e3f85f2e4c01c2c7d8ea9d29ec9324aef09b610344ff76416befcb61dadbcdea01
-
SSDEEP
12288:T4ZgE3t2WLtJHtP9dqWU0Sm0izsTJSPpV6v3m1aGQyXFvF3jaw7RXzmShKW9RpBs:axz4cIa2eRTQM6nFrsh
Malware Config
Extracted
netwire
13.67.110.214:8080
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\SysLogs\
-
lock_executable
false
-
offline_keylogger
true
-
password
mrx325
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
0a6886bdf35cdcc9a22d5d3170d701e0_JaffaCakes118
-
Size
1.1MB
-
MD5
0a6886bdf35cdcc9a22d5d3170d701e0
-
SHA1
e953b5e127597851b3f283ef3b039e2fa44127a5
-
SHA256
0a852cb2b5df5b5a1ad60663ae63a6439a97760436f4e53d6aa8c61ed7b6510b
-
SHA512
1bc59d47a33c3d881a07cb6898456840037dbf1ff4cac0aaeaee94efc1f9e0e3f85f2e4c01c2c7d8ea9d29ec9324aef09b610344ff76416befcb61dadbcdea01
-
SSDEEP
12288:T4ZgE3t2WLtJHtP9dqWU0Sm0izsTJSPpV6v3m1aGQyXFvF3jaw7RXzmShKW9RpBs:axz4cIa2eRTQM6nFrsh
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of SetThreadContext
-