General
-
Target
a38ad704ae67462e8890bbd7738c58e2_JaffaCakes118
-
Size
475KB
-
Sample
240613-c1xjls1epg
-
MD5
a38ad704ae67462e8890bbd7738c58e2
-
SHA1
0345707df4df630de7520c6901a08a39332c7731
-
SHA256
0f7061b3e130e6e74d13a7c11fe4d6fb210c0fc4d26ec98b576169cbe5527cd9
-
SHA512
65236d0caa6b5307db81dd2b2cef139b8f653ee87d992a1cd29675c193f16206ed6e83d33c8bdff83057fa5d08502b8f8ec8929c4b7505dabc873c43a75abfbd
-
SSDEEP
6144:Fr/BPeMTuxDmJh6YGdFWSSb/0zCPwFqz0JYnbN2FGU7pnMV2l0kEB1e:F9LIm76YG/WSSb/0QRbgF77pMcaB1
Static task
static1
Behavioral task
behavioral1
Sample
a38ad704ae67462e8890bbd7738c58e2_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
Family: netwire
C2: 178.32.72.136:3361
C2: 193.124.0.151:3362
-
activex_autorun
true
-
activex_key
{0QG8J5X8-8ATR-63E7-Y066-IIX78EN8O68E}
-
copy_executable
true
-
delete_original
true
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Skype.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
mutex
kgTjYgBY
-
offline_keylogger
true
-
password
ebefob44
-
registry_autorun
true
-
startup_name
TeamViewer
-
use_mutex
true
Targets
-
-
Target
a38ad704ae67462e8890bbd7738c58e2_JaffaCakes118
-
Size
475KB
-
MD5
a38ad704ae67462e8890bbd7738c58e2
-
SHA1
0345707df4df630de7520c6901a08a39332c7731
-
SHA256
0f7061b3e130e6e74d13a7c11fe4d6fb210c0fc4d26ec98b576169cbe5527cd9
-
SHA512
65236d0caa6b5307db81dd2b2cef139b8f653ee87d992a1cd29675c193f16206ed6e83d33c8bdff83057fa5d08502b8f8ec8929c4b7505dabc873c43a75abfbd
-
SSDEEP
6144:Fr/BPeMTuxDmJh6YGdFWSSb/0zCPwFqz0JYnbN2FGU7pnMV2l0kEB1e:F9LIm76YG/WSSb/0QRbgF77pMcaB1
-
NetWire RAT payload detected (consistent with the netwire config extracted above)
-
Executes dropped EXE (likely the copy written to install_path, since copy_executable is true in the extracted config)
-
Loads dropped DLL
-