General
Target: a96533382ddf3cd1c5c55f5e0859f61d_JaffaCakes118
Size: 259KB
Sample: 240819-dy81asvglk
MD5: a96533382ddf3cd1c5c55f5e0859f61d
SHA1: 07a54f5d529028aa32685e6dee2f38399383a019
SHA256: 057bda152070b56a3170751013a6faa954486d59f30e9c651f11d5d0c8ff0f86
SHA512: bdd0e90e038f1e2e4063e5b5c96b2196b4b2ccd5dbeece9d5f1c7980dc6f25bf7a2af0ed12c83fdab44693e148e63fe95268a86e9e8d888b82a3332a8f0ed8da
SSDEEP: 3072:5glIhtTqeH5AcfDEunEb7hWsve7bKW9FWCtC0y9LgxgFM7c38ECh7Wa:5glIXqeH5Nwbl5ve7e+CN9KcMEu7W
Static task: static1
Behavioral task: behavioral1
Sample: a96533382ddf3cd1c5c55f5e0859f61d_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted: netwire
C2: haija.mine.nu:1996
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
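The extracted configuration and the file hashes above are the parts of this report an analyst actually reuses: the C2 host and port go into DNS and proxy searches, keylogger_dir (with %AppData% expanded per user profile) into file-system sweeps, host_id into a pattern for the beacon identifier, and the digests into a check that a recovered file really is this sample. The script below turns the report's values into those checks. It is an added example, not code from the sandbox or from the report; the hashes and config values are copied from the report, while the DNS log lines, file paths, function names and the assumption that %Rand% expands to an alphanumeric token are constructed for illustration.

```python
"""Checks built from the hashes and extracted NetWire configuration in this
report. Added example, not part of the sandbox report. The hashes and config
values are the report's; every log line and file path below is constructed."""
import hashlib
import re

# File hashes as listed in the report.
REPORT_HASHES = {
    "md5": "a96533382ddf3cd1c5c55f5e0859f61d",
    "sha1": "07a54f5d529028aa32685e6dee2f38399383a019",
    "sha256": "057bda152070b56a3170751013a6faa954486d59f30e9c651f11d5d0c8ff0f86",
    "sha512": "bdd0e90e038f1e2e4063e5b5c96b2196b4b2ccd5dbeece9d5f1c7980dc6f25bf"
              "7a2af0ed12c83fdab44693e148e63fe95268a86e9e8d888b82a3332a8f0ed8da",
}

# NetWire configuration values as extracted in the report.
NETWIRE_CONFIG = {
    "c2": "haija.mine.nu:1996",
    "host_id": "HostId-%Rand%",
    "keylogger_dir": "%AppData%\\Logs\\",
    "offline_keylogger": True,
    "registry_autorun": False,
    "activex_autorun": False,
    "copy_executable": False,
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, for comparison with it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(hashes: dict) -> bool:
    """True only if every digest equals the report's value; one mismatch
    (a repacked or truncated copy, for instance) is enough to reject."""
    return all(hashes.get(k) == v for k, v in REPORT_HASHES.items())


def c2_host_port(config: dict) -> tuple:
    """Split the C2 entry into hostname and integer port."""
    host, port = config["c2"].rsplit(":", 1)
    return host, int(port)


def keylogger_path(config: dict, appdata: str) -> str:
    """Expand %AppData% in keylogger_dir for one user's roaming AppData path."""
    return config["keylogger_dir"].replace("%AppData%", appdata.rstrip("\\"))


def host_id_pattern(config: dict) -> re.Pattern:
    """Regex for beacon identifiers built from the host_id template.
    Assumption (not stated in the report): %Rand% expands to an
    alphanumeric token of unspecified length, so the pattern is loose."""
    escaped = re.escape(config["host_id"])
    return re.compile(escaped.replace(re.escape("%Rand%"), r"[0-9A-Za-z]+"))


def c2_dns_hits(log_lines: list, config: dict) -> list:
    """Return the DNS log lines that query the configured C2 host (case-insensitive)."""
    host, _ = c2_host_port(config)
    needle = host.lower()
    return [line for line in log_lines if needle in line.lower()]


def keylogger_artifacts(paths: list, config: dict, appdata: str) -> list:
    """Return the paths that sit under the expanded keylogger directory."""
    prefix = keylogger_path(config, appdata).lower()
    return [p for p in paths if p.lower().startswith(prefix)]


# Constructed sample data for illustration; not taken from the report.
SAMPLE_DNS_LOG = [
    "2024-08-19T13:37:01Z pid=1184 query=haija.mine.nu type=A",
    "2024-08-19T13:37:02Z pid=1184 query=www.example.com type=A",
    "2024-08-19T13:37:05Z pid=2260 query=HAIJA.MINE.NU type=A",
]
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Logs\2024-08-19",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Recent\x.lnk",
    r"C:\Users\alice\AppData\Local\Temp\a.tmp",
]

if __name__ == "__main__":
    appdata = r"C:\Users\alice\AppData\Roaming"
    print(c2_host_port(NETWIRE_CONFIG))
    print(c2_dns_hits(SAMPLE_DNS_LOG, NETWIRE_CONFIG))
    print(keylogger_artifacts(SAMPLE_FILES, NETWIRE_CONFIG, appdata))
    print(bool(host_id_pattern(NETWIRE_CONFIG).fullmatch("HostId-8F3K2Q")))
```

To verify a recovered file, read it in binary and pass the bytes to hash_bytes, then matches_report; the SHA512 is included so that a collision on the weaker digests alone cannot pass the check. The keylogger sweep has to be run once per user profile, because keylogger_dir is relative to %AppData% and this config does not copy the executable or set registry autorun, so the log directory may be the only on-disk trace.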
Targets
Target: a96533382ddf3cd1c5c55f5e0859f61d_JaffaCakes118
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext