Extracted

• • Target

    42f0d32c7ce2b6b5b12b57234249143b_JaffaCakes118

  • Size

    766KB

  • MD5

    42f0d32c7ce2b6b5b12b57234249143b

  • SHA1

    cc81f66fdd118e5a956def1496a4dae414279320

  • SHA256

    09b9c216e0668fae6504e233d6b46b5049f9895c4356e7dbcc6cd7e5903b5374

  • SHA512

    96624bdbc0401d3dd3f6e6b456fb96273c6ff508f3dd8daadc31642487328a78566f92f4c4aadeb63bfd0fbfac8eff65aa78c50ee5758da1be5604bf6f491b4a

  • SSDEEP

    12288:OK2mhAMJ/cPlBTdyIq4jndm7JRW8ySJ1Zt/8h7UH16kyc3HS4Mr2TWAu8pZLpaFO:f2O/GlBTdyIq4jndm7PW8F1M7AMkycLB

  Score

  10^/10

  netwirebotnetevasionpersistenceratstealertrojan

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2