General
-
Target
2eaa85a17c04051ac6d62ec3e3e3990d_JaffaCakes118
-
Size
315KB
-
Sample
240510-mgff4acf45
-
MD5
2eaa85a17c04051ac6d62ec3e3e3990d
-
SHA1
15cb004c746ed141e39a752acd88bc8e78a565f1
-
SHA256
8dcaf4a7db1469a9da01fb183bc1369a8067ae081dc8074ab9fa5d6ccb150292
-
SHA512
332371e6b6707265d02134c533d44144910ab36c154f87b3edd2bac4158a4df4da995de6b4f7655fd6e1ad657bdba651585df02a1e607ac4c843db4faa94e9fd
-
SSDEEP
3072:wQjJFH9xHfYxWLHvXZJ9hu2aB1wDRqVxaM5P6nnE6BWlNtZ4gshEfpLEL3MpoaKk:wyLdxHfYxWphRaimx96nn/ynshJ/Mn9
Static task
static1
Behavioral task
behavioral1
Sample
2eaa85a17c04051ac6d62ec3e3e3990d_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
netwire
nicemove.100chickens.biz:3360
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
kieITJcD
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
Onedrive update
-
use_mutex
true
Targets
-
-
Target
2eaa85a17c04051ac6d62ec3e3e3990d_JaffaCakes118
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-