Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
15-06-2024 01:17
General
-
Target
ac5f7b8dc197a4fa14e20790993fa496_JaffaCakes118.exe
-
Size
131KB
-
MD5
ac5f7b8dc197a4fa14e20790993fa496
-
SHA1
340147a6229f024265911284e064910bac233158
-
SHA256
8a38d1608efa9bfa6633ff7263328891a3e4f91252fef1c0fe00825133b646df
-
SHA512
394293d2636754b62d1303f025a196982e6289ddd5cc5f62e231a08da20fb88faa630cad8ede0f23e2702e32f7430eb9a74ec1c4f1d4b63a37528ee05c8bf61c
-
SSDEEP
1536:GztMSlSKzF0Lh5YueCT21U8aNj6FNX3pLD05UvFPetTF5r5g5t3B:utlSKzF0Lh5YueOaU2NJQuFmtTmt3
Score
10/10
Malware Config
Extracted
Family
netwire
C2
bobo231.hopto.org:3699
Attributes
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
Bobs
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Signatures
-
NetWire RAT payload 1 IoCs
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac5f7b8dc197a4fa14e20790993fa496_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ac5f7b8dc197a4fa14e20790993fa496_JaffaCakes118.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
176KB