General
Target: f40b73837b530a094ce1495cb6b64ab8_JaffaCakes118
Size: 1.4MB
Sample: 240924-txem3awfjc
MD5: f40b73837b530a094ce1495cb6b64ab8
SHA1: b17c0248249b855238fbb42bd230699b539380e7
SHA256: 34ef6673b0523d45afc535c4a9965b2a20889aa08381eb4a66c452a8a19e1dd6
SHA512: 53074ef82fbea96c1154006b428229a864ebaea5f5f9618b8e24a9a7190fcf601d73d85cdf7929153ba88ffd2e7190b68ed4fbc9dc85bb22451d7f0eb7b04afd
SSDEEP: 24576:Rtb20pkaCqT5TBWgNQ7aEdKN0P5ZFSKdceoL+rQHxjhnVeIJZ26A:iVg5tQ7aEdtBnSKNoCcHxlVvq5

Static task: static1
Behavioral task: behavioral1
Sample: f40b73837b530a094ce1495cb6b64ab8_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted: netwire
hikari.sakananoko.io:9030
nozomi.sakananoko.io:9030
activex_autorun: false
copy_executable: false
delete_original: false
host_id: Worcry-%Rand%
keylogger_dir: %appdata%\tezosbullrun\
lock_executable: false
mutex: ArccltiE
offline_keylogger: true
password: FuckThisWorld55+
registry_autorun: false
use_mutex: true
Targets
Target: f40b73837b530a094ce1495cb6b64ab8_JaffaCakes118
Size: 1.4MB
MD5: f40b73837b530a094ce1495cb6b64ab8
SHA1: b17c0248249b855238fbb42bd230699b539380e7
SHA256: 34ef6673b0523d45afc535c4a9965b2a20889aa08381eb4a66c452a8a19e1dd6
SHA512: 53074ef82fbea96c1154006b428229a864ebaea5f5f9618b8e24a9a7190fcf601d73d85cdf7929153ba88ffd2e7190b68ed4fbc9dc85bb22451d7f0eb7b04afd
SSDEEP: 24576:Rtb20pkaCqT5TBWgNQ7aEdKN0P5ZFSKdceoL+rQHxjhnVeIJZ26A:iVg5tQ7aEdtBnSKNoCcHxlVvq5
- NetWire RAT payload
- Drops startup file
- Suspicious use of SetThreadContext