Extracted

• • Target

    841e9227af67d61b8db0d61e56a2674c_JaffaCakes118

  • Size

    543KB

  • MD5

    841e9227af67d61b8db0d61e56a2674c

  • SHA1

    53570172745634ae234cc5781c4537bfec5931b2

  • SHA256

    c6116c1f7d5326b65000c44e2c690967672a658d6123f8ecb1634277748bebbc

  • SHA512

    c12c17aafbd7d9ce65f7bb067f90ae7a9d1d4b494e2e60ec099b2afbe2d190b8840689217c58bd724fb1706489a063da49e1aa973df10cd6c004fa5af80b8c06

  • SSDEEP

    12288:cQawNsW7lerECtu4aLgbqu6khVc0qI7oe3gP5WecUa/0TBPf0:cQa+HperrOUj6k7ZqC30tbBPf0

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2