General
Target: f27d216aad91d14815a55c01bd24a70f_JaffaCakes118
Size: 380KB
Sample: 240922-v1yqsa1erq
MD5: f27d216aad91d14815a55c01bd24a70f
SHA1: 645caa29aaf3c51730d42abb3b41cb921c26c357
SHA256: 00a2bfbb9c07fad681cf1009e4a0b5de8d9b6d9ce0937887ca1f9c95153e6c22
SHA512: ac1706f87539a66635102f93e910195698ce3698ed95a0297e3ce6fb8f8e2cf9a895a9cc455fb8bbf569d8f4ebaa9b2e1a300e4f550dc85c7486bec198e2b4c0
SSDEEP: 6144:BWzRLS309cUvtT9TjiL2kiSYl5uuaRkr6qgo2g/YAurK2B7QS8rJsrWnSfqRn:BWzRLS309cU1T9TjilJ7fyOqgo2KYF5C
Static task: static1
Behavioral task: behavioral1
Sample: f27d216aad91d14815a55c01bd24a70f_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
netwire
fingers1.ddns.net:3360
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets
NetWire RAT payload
Drops startup file
Uses the VBS compiler for execution
Suspicious use of SetThreadContext