Extracted

• • Target

    80f528588d5e84152ecf6e25b8dad4dd_JaffaCakes118

  • Size

    7.6MB

  • MD5

    80f528588d5e84152ecf6e25b8dad4dd

  • SHA1

    80947aee4243d752b9c187caf01b3d864b7474c7

  • SHA256

    cdfd2505408b2c422e018011e64500a241f149654435a7cd0e4d674a733c5bd6

  • SHA512

    2e3ed889d636e45c52b65e8445dd6bf630f9117703cf98fcf95e6a129856d5c8b6bd0fa4f8812fe33eb52b8872194ff11222ffd9170e08c0f3d5934672aebcdc

  • SSDEEP

    3072:QexSaR/D54T4ebgGZB8OOccgwM6G2Cgo5wUlkGkfCNrkdTOMJXIYOUHqlJN3Wpl:Qklr5kbg0B8VcnJcCg4jlkGp0T5i

  Score

  10^/10

  netwirebotnetratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2