General
-
Target
6f5104bde3de1aa9fde0bb260b4b0791_JaffaCakes118
-
Size
550KB
-
Sample
240524-v9s7nadf4y
-
MD5
6f5104bde3de1aa9fde0bb260b4b0791
-
SHA1
d821aea148173cc167aa96a89194e0b07ac1a791
-
SHA256
10d14ef85a4adabafbdcdd7ba04cbbfd97fc4da62d24a4cbe6c20054eab1a1df
-
SHA512
7bb4945fcc25a81c9d74601f840add7f95fa6d8404c5c3f55e4cab3fcb773328f045606e17dc9e4c13c54d9214b28bafc90f4a0de55fb7e8fbee1c3e7b8bd78a
-
SSDEEP
12288:qa6Jb0lIEuVptZQ12DuWFj6HDFCa2Pn/8c769k:qv4ItTdwHDYaan0K6W
Malware Config
Extracted
netwire
160.202.163.242:8704
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
6f5104bde3de1aa9fde0bb260b4b0791_JaffaCakes118
-
Size
550KB
-
MD5
6f5104bde3de1aa9fde0bb260b4b0791
-
SHA1
d821aea148173cc167aa96a89194e0b07ac1a791
-
SHA256
10d14ef85a4adabafbdcdd7ba04cbbfd97fc4da62d24a4cbe6c20054eab1a1df
-
SHA512
7bb4945fcc25a81c9d74601f840add7f95fa6d8404c5c3f55e4cab3fcb773328f045606e17dc9e4c13c54d9214b28bafc90f4a0de55fb7e8fbee1c3e7b8bd78a
-
SSDEEP
12288:qa6Jb0lIEuVptZQ12DuWFj6HDFCa2Pn/8c769k:qv4ItTdwHDYaan0K6W
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-