General
-
Target
76fa522401061cc2cd8b1c78fa42fec1_JaffaCakes118
-
Size
84KB
-
Sample
240526-19dd4aeb3w
-
MD5
76fa522401061cc2cd8b1c78fa42fec1
-
SHA1
efed4449976f228810a3c89a242ec6bc99a9e0da
-
SHA256
430baf2d73f61c67bb45a393c6f401edc511bc324402f9458cbc60060f91eb3d
-
SHA512
97bd4685b12213a1e384355fd53eabd53a22a0e874f8dcc39c2b7052507c972f886ad38f6d61ef1f8f8c89a3a02848a2c17322514683aee01d5465ab3c129a2d
-
SSDEEP
1536:Jr/zIEc9uQ1q1vD9qrPP+r4MrdN/F+Xs6ibNqiRGWkxuACPWTF:Jr/zIEyQIrPP+r4MrdN/086ibgqGWkiE
Behavioral task
behavioral1
Sample
76fa522401061cc2cd8b1c78fa42fec1_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
76fa522401061cc2cd8b1c78fa42fec1_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
netwire
23.249.162.17:3360
-
activex_autorun
true
-
activex_key
{0G73YX2B-OY4B-WTW8-GQ6A-25QJ45AJSE4S}
-
copy_executable
true
-
delete_original
true
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
paulof
-
registry_autorun
true
-
startup_name
system
-
use_mutex
false
Targets
-
Target
76fa522401061cc2cd8b1c78fa42fec1_JaffaCakes118
-
Score
10/10
-
NetWire RAT payload
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-