Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
11-05-2024 16:18
General
-
Target
357612d1b083d0af6a132d538578cf1e_JaffaCakes118.exe
-
Size
148KB
-
MD5
357612d1b083d0af6a132d538578cf1e
-
SHA1
db52c9b79b04dc0835973ce09c266c6c96045dab
-
SHA256
09be294465ddca327f3e4ea382f440ba6703b1a15565e6b3b836d5d0b96d7050
-
SHA512
9215b13a30061dcd35255a02b46df5956e9a79975016c326d939c77935cad2876f7c61ba4d792d0db53b22907637c8a00e30090dddc0e95a076eac6a153a3990
-
SSDEEP
3072:0XFgYEAsB4+Cb3iiDUCcmE90rvPkGK+drlnYMRFfSG:0XGYEVat3iiDUCcf+rEG5bzRFfB
Score
10/10
Malware Config
Extracted
Family
netwire
C2
79.134.225.103:39561
Attributes
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
WEALTH
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\Imgburn\
-
lock_executable
false
-
mutex
JJkGJsVJ
-
offline_keylogger
true
-
password
Favor1000$
-
registry_autorun
false
-
use_mutex
true
Signatures
-
NetWire RAT payload 1 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Processes
-
C:\Users\Admin\AppData\Local\Temp\357612d1b083d0af6a132d538578cf1e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\357612d1b083d0af6a132d538578cf1e_JaffaCakes118.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB