Extracted

• • Target

    7d9bb96b136079089c40410575d02edb_JaffaCakes118

  • Size

    443KB

  • MD5

    7d9bb96b136079089c40410575d02edb

  • SHA1

    189f477ab2fd0129254543c1b141b9c2b38a138b

  • SHA256

    f3287a6edd21a00a2b5c85cdf0dd9917567dea86fc2eed207f2fa63e19d7b27f

  • SHA512

    ce82415b7fc877a2cb1485fa7f4caf1ed01daf07ce062b18736cef3fad93e256c4a8da282a10c2805e8615e587b479f3de13099d217457324df24a2d534060ad

  • SSDEEP

    12288:pmPZVKvYtrdi9aDZSmlTb9blmRWwK/gH6quir:0PiqZkoTlf9dgHfuir

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2