General

Target: 72e501519df227a8187dd9d4bb499fd0N.exe
Size: 847KB
Sample: 240719-j3awys1blm
MD5: 72e501519df227a8187dd9d4bb499fd0
SHA1: 5792e1936da039d04bbe5d372004df5d798bd739
SHA256: 3f4a2e22fb7cb3d484faf02cb27c71ff1b9ccd110f7dae5e8043013a5f8c3c52
SHA512: 30408083e019df72008bbbe5b330dba98e71a47be678cbeb5420fbe0136700da091be469a543acd85a61b81da611e557b07f126df0da0d77415f03f1adad1c02
SSDEEP: 12288:+GdQQdRcc8xl/hy/m6Io77RAKVtgVpA9TUsUzq9Yt5IlSOArWFazwb3C2kUg:+OQQGfCm6IQAE59TUEGylNArWgqC2kV
Static task: static1

Behavioral task: behavioral1
Sample: 72e501519df227a8187dd9d4bb499fd0N.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 72e501519df227a8187dd9d4bb499fd0N.exe
Resource: win10v2004-20240709-en
Malware Config

Extracted family: netwire
C2: 94.242.59.7:56565
activex_autorun: false
copy_executable: false
delete_original: false
host_id: VPS
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Appleaddict45@
registry_autorun: false
use_mutex: false
Targets

Target: 72e501519df227a8187dd9d4bb499fd0N.exe
Size: 847KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General
Score: 10/10

Signatures
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext