Extracted

• • Target

    bd757716c49f28b3b5fdd4889622ac88_JaffaCakes118

  • Size

    636KB

  • MD5

    bd757716c49f28b3b5fdd4889622ac88

  • SHA1

    4a0aa1abddc6b37e1f1cec49944ce1a86c1c0ed6

  • SHA256

    de60cb399e76b142afc3f7876e2228d6d8c17fd4d3dc7e6f9084172543f6c327

  • SHA512

    557a3b0be972d2d3402a4a8846bdfb182389a4d575c722386cc67e8ce7d868bac26f169e40a397ad7f2851ac62fc58fca220772228616a000f6c7b0dfef994f6

  • SSDEEP

    12288:BE5y8d0ZBrXbv2/q+BZZPhZfg5YJeIIBy:BEEZB2/qgZ0a

  Score

  10^/10

  netwirebotnetpersistenceprivilege_escalationratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2