General
Target: e9e65f73b3eb81d2fb312b0e1fa4f091_JaffaCakes118
Size: 536KB
Sample: 240918-y1zvmasamj
MD5: e9e65f73b3eb81d2fb312b0e1fa4f091
SHA1: ec1e33af0dcbe17c0de79f6a426a6dec1039e40b
SHA256: 6ed342acefa56734d0955db0915287c62e5da3b9102379adced43819331e0977
SHA512: 01a19c9e6e587ed40fc0e46ab85ed4a61840e017d8fb312044ccb912bb0cfc758f3cbad5b3909ddf3685dc1c80e1c9f0d071bde42cad5fcf12bb72ec4b8e82e4
SSDEEP: 12288:SpsHWt8M7brU105+puxiaGg6HxCXxh7z9G:SpsHU8M7s2IpeiaeYv75G
Static task: static1
Behavioral task: behavioral1
Sample: e9e65f73b3eb81d2fb312b0e1fa4f091_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted
netwire
trippleboss.warzonedns.com:39460
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\Imgburn\
lock_executable: true
offline_keylogger: true
password: Favor1000$
registry_autorun: false
use_mutex: false
Targets
Target: e9e65f73b3eb81d2fb312b0e1fa4f091_JaffaCakes118
NetWire RAT payload
Suspicious use of SetThreadContext