General

  • Target

    fd5e989b18024c8facbe3502ec992424_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240928-3mf8kstfrd

  • MD5

    fd5e989b18024c8facbe3502ec992424

  • SHA1

    84793b73e9268b1cf8db5980644c10d78aaf4dff

  • SHA256

    a6ac691e92d4067b22fbbc3b4190dfeffe0addcff4ecf07e159390fb9273ddc0

  • SHA512

    9768b8b83c55ee5773535f2bffbff041cae8fcecb84d801d240e7e9c767d80bf50f016e1d3c576b7108f57d6f0ae4171cc34ab01fe430601cb5ccbd47778f618

  • SSDEEP

    24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAUSansm1ZwMW5:5h+ZkldoPK8YaAqvZW

Malware Config

Extracted

Family

netwire

C2

halwachi50.mymediapc.net:5868

Attributes
  • activex_autorun

    false

  • copy_executable

    true

  • delete_original

    false

  • host_id

    HostId-%Rand%

  • install_path

    %AppData%\Install\Host.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    true

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • use_mutex

    false

Targets

    • Target

      fd5e989b18024c8facbe3502ec992424_JaffaCakes118

    • Size

      1.3MB

    • MD5

      fd5e989b18024c8facbe3502ec992424

    • SHA1

      84793b73e9268b1cf8db5980644c10d78aaf4dff

    • SHA256

      a6ac691e92d4067b22fbbc3b4190dfeffe0addcff4ecf07e159390fb9273ddc0

    • SHA512

      9768b8b83c55ee5773535f2bffbff041cae8fcecb84d801d240e7e9c767d80bf50f016e1d3c576b7108f57d6f0ae4171cc34ab01fe430601cb5ccbd47778f618

    • SSDEEP

      24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAUSansm1ZwMW5:5h+ZkldoPK8YaAqvZW

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks