General
-
Target
3eb92557c4e43b6aa35f883613c436bd_JaffaCakes118
-
Size
127KB
-
Sample
240513-k3rp5sgf63
-
MD5
3eb92557c4e43b6aa35f883613c436bd
-
SHA1
cf64038bb03f60b329e787710b32b3aed7ff6a72
-
SHA256
32912cedcefbbd0d80bbad352d2f45db85441a091faafe55d34a77f174890405
-
SHA512
a3738d914a36d9df3c85039bffb9fa79427da4fa1b19bfabbf97431ce1403e1210b16d63fe0f6531b9b3af5a22528c555d744d928d1f2234b277b70678832cee
-
SSDEEP
3072:yb3RWhfmSbEsz7nD/x0dZTGvd+PACdEDXJS6eb5Viz7wREzL7:OIhfmSosz7nD/qvCdSdEDk6eb5VizsRu
Behavioral task
behavioral1
Sample
3eb92557c4e43b6aa35f883613c436bd_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
netwire
185.244.30.118:38992
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
3eb92557c4e43b6aa35f883613c436bd_JaffaCakes118
-
NetWire RAT payload
-