General
Target: 37d0708b3e5a1e9db1fa3b937a2ed798_JaffaCakes118
Size: 1.5MB
Sample: 240512-c5kevace8s
MD5: 37d0708b3e5a1e9db1fa3b937a2ed798
SHA1: cb56b9947d6c50d623c79901f86aad8866c22253
SHA256: 74f9006747faee6ce6fa872dcd29ab9693b079bbc746159cbd549885730ebc39
SHA512: b7124ab6caa7f6b4d87482c321ae0c0bfdcef2a1f99e5c885494b804a3bf68c398f655ee7dc223d5e330d4ed88f19f171c91803ed65002295c1cc748c501b52b
SSDEEP: 24576:7Bxc5ygLhAUV6e5fenDBtdECi3be04tvPrjptssK4ZDz:7BGDCJe5fen9tabyvPrjptvK4Z
Static task: static1
Behavioral task: behavioral1
  Sample: 37d0708b3e5a1e9db1fa3b937a2ed798_JaffaCakes118.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 37d0708b3e5a1e9db1fa3b937a2ed798_JaffaCakes118.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: netwire
C2: ptmk1.ddns.net:8906
activex_autorun: true
activex_key: {2BH726K8-04UQ-82YA-EVO8-RCTPBP542701}
copy_executable: true
delete_original: true
host_id: HostId-%Rand%
install_path: %AppData%\Install\Skyype.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: DkDoPqeJ
offline_keylogger: true
password: Ratrat123$
registry_autorun: true
startup_name: NetW
use_mutex: true
Targets
Target: 37d0708b3e5a1e9db1fa3b937a2ed798_JaffaCakes118
Size: 1.5MB
MD5: 37d0708b3e5a1e9db1fa3b937a2ed798
SHA1: cb56b9947d6c50d623c79901f86aad8866c22253
SHA256: 74f9006747faee6ce6fa872dcd29ab9693b079bbc746159cbd549885730ebc39
SHA512: b7124ab6caa7f6b4d87482c321ae0c0bfdcef2a1f99e5c885494b804a3bf68c398f655ee7dc223d5e330d4ed88f19f171c91803ed65002295c1cc748c501b52b
SSDEEP: 24576:7Bxc5ygLhAUV6e5fenDBtdECi3be04tvPrjptssK4ZDz:7BGDCJe5fen9tabyvPrjptvK4Z
Score: 10/10
Signatures:
- NetWire RAT payload
- Modifies Installed Components in the registry
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application