Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fd5e989b18024c8facbe3502ec992424_JaffaCakes118
-
Size
1.3MB
-
Sample
240928-3mf8kstfrd
-
MD5
fd5e989b18024c8facbe3502ec992424
-
SHA1
84793b73e9268b1cf8db5980644c10d78aaf4dff
-
SHA256
a6ac691e92d4067b22fbbc3b4190dfeffe0addcff4ecf07e159390fb9273ddc0
-
SHA512
9768b8b83c55ee5773535f2bffbff041cae8fcecb84d801d240e7e9c767d80bf50f016e1d3c576b7108f57d6f0ae4171cc34ab01fe430601cb5ccbd47778f618
-
SSDEEP
24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAUSansm1ZwMW5:5h+ZkldoPK8YaAqvZW
Malware Config
Extracted
netwire
halwachi50.mymediapc.net:5868
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
fd5e989b18024c8facbe3502ec992424_JaffaCakes118
-
Size
1.3MB
-
MD5
fd5e989b18024c8facbe3502ec992424
-
SHA1
84793b73e9268b1cf8db5980644c10d78aaf4dff
-
SHA256
a6ac691e92d4067b22fbbc3b4190dfeffe0addcff4ecf07e159390fb9273ddc0
-
SHA512
9768b8b83c55ee5773535f2bffbff041cae8fcecb84d801d240e7e9c767d80bf50f016e1d3c576b7108f57d6f0ae4171cc34ab01fe430601cb5ccbd47778f618
-
SSDEEP
24576:OAHnh+eWsN3skA4RV1Hom2KXMmHaAUSansm1ZwMW5:5h+ZkldoPK8YaAqvZW
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-