Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
13-05-2024 09:07
General
-
Target
3eb92557c4e43b6aa35f883613c436bd_JaffaCakes118.exe
-
Size
127KB
-
MD5
3eb92557c4e43b6aa35f883613c436bd
-
SHA1
cf64038bb03f60b329e787710b32b3aed7ff6a72
-
SHA256
32912cedcefbbd0d80bbad352d2f45db85441a091faafe55d34a77f174890405
-
SHA512
a3738d914a36d9df3c85039bffb9fa79427da4fa1b19bfabbf97431ce1403e1210b16d63fe0f6531b9b3af5a22528c555d744d928d1f2234b277b70678832cee
-
SSDEEP
3072:yb3RWhfmSbEsz7nD/x0dZTGvd+PACdEDXJS6eb5Viz7wREzL7:OIhfmSosz7nD/qvCdSdEDk6eb5VizsRu
Score
10/10
Malware Config
Extracted
Family
netwire
C2
185.244.30.118:38992
Attributes
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-mGGcec
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
-
lock_executable
true
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Signatures
-
NetWire RAT payload 1 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Processes
-
C:\Users\Admin\AppData\Local\Temp\3eb92557c4e43b6aa35f883613c436bd_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3eb92557c4e43b6aa35f883613c436bd_JaffaCakes118.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
172KB