General
-
Target
6b688fe2d4d839a1c658a664169fe802_JaffaCakes118
-
Size
87KB
-
Sample
240523-szw5fsga35
-
MD5
6b688fe2d4d839a1c658a664169fe802
-
SHA1
3c148d965f5bca9631ab6ac805dbc72b5d0bb5d9
-
SHA256
4bade349238218ecdadb1a0e6b62dc5a5651d8b3c061d922a4cc8168dd8994d6
-
SHA512
ad18760182be4954c8663a011ed4e508461884b6945e8013ff694692ce8f858bda812a281b3c01132305d603cb40500071a43e91702b26c177c7aaa798c4276a
-
SSDEEP
1536:+0MJ8j0RKCQwPPmP3pkIvYMryt0L0CIuq2RKbZ7vRhROhcEmTlFlFE:1MJ8QA0PwXvYMryt0YCIdGephROco
Malware Config
Extracted
netwire
174.127.99.212:1604
-
activex_autorun
true
-
activex_key
{5NR6546S-KN70-W0H0-BV2W-1414KP3EI6N4}
-
copy_executable
false
-
delete_original
true
-
host_id
bright
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
qAWtlYNY
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
StartKey
-
use_mutex
true
Targets
-
-
Target
6b688fe2d4d839a1c658a664169fe802_JaffaCakes118
-
Size
87KB
-
MD5
6b688fe2d4d839a1c658a664169fe802
-
SHA1
3c148d965f5bca9631ab6ac805dbc72b5d0bb5d9
-
SHA256
4bade349238218ecdadb1a0e6b62dc5a5651d8b3c061d922a4cc8168dd8994d6
-
SHA512
ad18760182be4954c8663a011ed4e508461884b6945e8013ff694692ce8f858bda812a281b3c01132305d603cb40500071a43e91702b26c177c7aaa798c4276a
-
SSDEEP
1536:+0MJ8j0RKCQwPPmP3pkIvYMryt0L0CIuq2RKbZ7vRhROhcEmTlFlFE:1MJ8QA0PwXvYMryt0YCIdGephROco
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-