General
-
Target
3d1fedae3b958d20bbfaeb8fd3aa15d9_JaffaCakes118
-
Size
297KB
-
Sample
240514-ablppsba3x
-
MD5
3d1fedae3b958d20bbfaeb8fd3aa15d9
-
SHA1
a647f029b6e3035a5a0184b9731627e83b758b65
-
SHA256
4dcf1134a50b6c5ffd72fed501638c2e6d1c820c5f949190182c9a6b6841b437
-
SHA512
9540583d07d944aae7993c3108696977c3c8e51421a49c33276ccb8e3de543d1b8ac10ade84544a1e81cf114257ef005012b55f540ea2f58dfe5871bf9a9e1f6
-
SSDEEP
6144:seVz5osDIuxtSCWZUxrbAiqxHuKruz5wxEZ0q/zaW6iB:s85bEugislfruz5k00iB
Malware Config
Extracted
netwire
142.93.223.63:5002
-
activex_autorun
false
-
copy_executable
false
-
delete_original
true
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
3d1fedae3b958d20bbfaeb8fd3aa15d9_JaffaCakes118
-
Size
297KB
-
MD5
3d1fedae3b958d20bbfaeb8fd3aa15d9
-
SHA1
a647f029b6e3035a5a0184b9731627e83b758b65
-
SHA256
4dcf1134a50b6c5ffd72fed501638c2e6d1c820c5f949190182c9a6b6841b437
-
SHA512
9540583d07d944aae7993c3108696977c3c8e51421a49c33276ccb8e3de543d1b8ac10ade84544a1e81cf114257ef005012b55f540ea2f58dfe5871bf9a9e1f6
-
SSDEEP
6144:seVz5osDIuxtSCWZUxrbAiqxHuKruz5wxEZ0q/zaW6iB:s85bEugislfruz5k00iB
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Suspicious use of SetThreadContext
-