General
-
Target
357612d1b083d0af6a132d538578cf1e_JaffaCakes118
-
Size
148KB
-
Sample
240511-tr8zqahh97
-
MD5
357612d1b083d0af6a132d538578cf1e
-
SHA1
db52c9b79b04dc0835973ce09c266c6c96045dab
-
SHA256
09be294465ddca327f3e4ea382f440ba6703b1a15565e6b3b836d5d0b96d7050
-
SHA512
9215b13a30061dcd35255a02b46df5956e9a79975016c326d939c77935cad2876f7c61ba4d792d0db53b22907637c8a00e30090dddc0e95a076eac6a153a3990
-
SSDEEP
3072:0XFgYEAsB4+Cb3iiDUCcmE90rvPkGK+drlnYMRFfSG:0XGYEVat3iiDUCcf+rEG5bzRFfB
Behavioral task
behavioral1
Sample
357612d1b083d0af6a132d538578cf1e_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
Family
netwire
-
C2
79.134.225.103:39561
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
WEALTH
-
keylogger_dir
%AppData%\Logs\Imgburn\
-
lock_executable
false
-
mutex
JJkGJsVJ
-
offline_keylogger
true
-
password
Favor1000$
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
357612d1b083d0af6a132d538578cf1e_JaffaCakes118
-
Size
148KB
-
MD5
357612d1b083d0af6a132d538578cf1e
-
SHA1
db52c9b79b04dc0835973ce09c266c6c96045dab
-
SHA256
09be294465ddca327f3e4ea382f440ba6703b1a15565e6b3b836d5d0b96d7050
-
SHA512
9215b13a30061dcd35255a02b46df5956e9a79975016c326d939c77935cad2876f7c61ba4d792d0db53b22907637c8a00e30090dddc0e95a076eac6a153a3990
-
SSDEEP
3072:0XFgYEAsB4+Cb3iiDUCcmE90rvPkGK+drlnYMRFfSG:0XGYEVat3iiDUCcf+rEG5bzRFfB
-
NetWire RAT payload
-