Extracted

• • Target

    d892f5c3f987c9434a1d55849cd23919_JaffaCakes118

  • Size

    1.2MB

  • MD5

    d892f5c3f987c9434a1d55849cd23919

  • SHA1

    aa73f6b758bde05ec2e6f7266208fde8273ddd93

  • SHA256

    12cb8c0b5c0f9362440e34916c93e52d358e25b753f22cf9606add507b1a1c1d

  • SHA512

    4a863aba5cfe8e9521c353ab18023278d2b9eeac716b2ace1ac9becdc20e38c6b19386102906926a9ec5df559887c9c94a952d9d59fbc368cea5e620243f52cd

  • SSDEEP

    24576:eAHnh+eWsN3skA4RV1Hom2KXMmHaGZJRbJnUFWBUS3DMD5:Jh+ZkldoPK8YaGHRbbiV

  Score

  10^/10

  netwirebotnetdiscoveryratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2