General
Target: fda4d446512690de6db76be57c9f28ed_JaffaCakes118
Size: 83KB
Sample: 240929-c7lexsxaml
MD5: fda4d446512690de6db76be57c9f28ed
SHA1: ef079dd03a7b77562e6775318be5c7ed85eef994
SHA256: d3ff8492eb7caa7c1cb22fb6bddc29f44452a12ce5225448dc2d16bc8e2afbf8
SHA512: 7a8edd171eacdcc27f23a3ce9c30e00b03e900daf10175e4a8b8c20847bcdc56f151a94bbb478fa6243542726a6de1d08952e8dc6a077d58047ed1dd8a844f72
SSDEEP: 1536:Ql4jdsl5Lzkk0p6tF4IUSaFYaLLNTraT8ZB5Bkf2HJqyHYLZ6hzrjyb:a4jdgpz66EvSaFYAxqT8nGwHYlqrub
Behavioral task: behavioral1
Sample: 54cd2f165cdc6bc4fcc50fce8da1206b5c1bfedb442d2a000e965019d379a719.exe
Resource: win7-20240903-en
Malware Config (extracted)
Family: netwire
C2: crimea-kremlin.duckdns.org:3396
activex_autorun: false
copy_executable: false
delete_original: false
host_id: Crimea
lock_executable: false
mutex: XgVApLQA
offline_keylogger: false
password: codin2318
registry_autorun: false
use_mutex: true
Targets
Target: 54cd2f165cdc6bc4fcc50fce8da1206b5c1bfedb442d2a000e965019d379a719.exe
Size: 161KB
MD5: ef86e680b9b0f9d2b678c2bac63ee78a
SHA1: bf55e08a30504a013b033c73530914e32a2e6190
SHA256: 54cd2f165cdc6bc4fcc50fce8da1206b5c1bfedb442d2a000e965019d379a719
SHA512: 78f8eb2a7f1189d92deb7d65a05d365952e2e36468dc30a5d92dc091ac789b0b699d80faa7a139b3f40add916b3109fb211abac2d2fa380ed373c5bd1c702f7e
SSDEEP: 3072:S3bwUUCZjY/UURTbaiceGUlzFr0qOnZEcsx8VLJ2YMSMqqD0Ffo:S3kUjJY/fRT+iceGUlzFruZdJ2zxqqDd

NetWire RAT payload
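The extracted config and the target hash above are the indicators a responder would actually hunt with: the C2 host and port, the sample's SHA256, and (on a live host) the mutex name. The script below is an added example, not part of this sandbox report or of any NetWire tooling. It takes those values from the report, splits the host:port C2 string, and runs them over Sysmon-style JSON records (EventID 1 process creation, 3 network connection, 22 DNS query). The log records, process names and IP addresses are constructed for illustration; the GUID labels and the confidence tiers are assumptions of the example.

```python
"""Hunt for the NetWire indicators reported above in Sysmon-style JSON logs.

Added example, not part of the sandbox report. Indicator values are taken
from the report; the log records below are constructed and not real telemetry.
"""
import json

# Indicators copied from the extracted config and the target entry.
C2 = "crimea-kremlin.duckdns.org:3396"
MUTEX = "XgVApLQA"  # not visible to Sysmon; check process handles on a suspect host
SAMPLE_SHA256 = "54cd2f165cdc6bc4fcc50fce8da1206b5c1bfedb442d2a000e965019d379a719"


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the config's host:port string into a lower-cased host and an int port."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


C2_HOST, C2_PORT = parse_c2(C2)

# Constructed Sysmon-like records (EventID 1 = process create, 3 = network
# connection, 22 = DNS query). Paths, GUIDs and IPs are made up.
SAMPLE_LOGS = [
    json.dumps({"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Users\u\Downloads\doc.exe",
                "Hashes": "MD5=EF86E680B9B0F9D2B678C2BAC63EE78A,SHA256=" + SAMPLE_SHA256.upper()}),
    json.dumps({"EventID": 22, "ProcessGuid": "{A}", "Image": r"C:\Users\u\Downloads\doc.exe",
                "QueryName": "Crimea-Kremlin.duckdns.org"}),
    json.dumps({"EventID": 3, "ProcessGuid": "{A}", "Image": r"C:\Users\u\Downloads\doc.exe",
                "DestinationIp": "203.0.113.10", "DestinationPort": 3396}),
    json.dumps({"EventID": 3, "ProcessGuid": "{B}", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
                "DestinationIp": "203.0.113.20", "DestinationPort": 443}),
    json.dumps({"EventID": 3, "ProcessGuid": "{C}", "Image": r"C:\Windows\System32\svchost.exe",
                "DestinationIp": "203.0.113.30", "DestinationPort": 3396}),
]


def hunt(lines):
    """Return (confidence, reason, image) for every record that matches an indicator.

    A DNS lookup of the C2 host or a process whose hash is the sample is a
    high-confidence hit. A connection to the C2 port is only high confidence
    when the same process resolved the C2 host earlier; on its own the port
    number is a weak indicator and is reported as low.
    """
    resolved_c2 = set()  # ProcessGuids that queried the C2 host
    hits = []
    for line in lines:
        ev = json.loads(line)
        eid, guid, image = ev.get("EventID"), ev.get("ProcessGuid"), ev.get("Image")
        if eid == 1 and SAMPLE_SHA256 in ev.get("Hashes", "").lower():
            hits.append(("high", "process image hash matches the NetWire sample", image))
        elif eid == 22 and ev.get("QueryName", "").lower().rstrip(".") == C2_HOST:
            resolved_c2.add(guid)
            hits.append(("high", f"DNS query for C2 host {C2_HOST}", image))
        elif eid == 3 and ev.get("DestinationPort") == C2_PORT:
            if guid in resolved_c2:
                hits.append(("high", f"connection to port {C2_PORT} after resolving the C2 host", image))
            else:
                hits.append(("low", f"connection to port {C2_PORT} with no C2 lookup", image))
    return hits


if __name__ == "__main__":
    for confidence, reason, image in hunt(SAMPLE_LOGS):
        print(f"[{confidence}] {reason}: {image}")
```

Hostname comparison is case-insensitive and strips a trailing dot because resolvers and log pipelines differ on both. The mutex name is kept as a constant only for reference: Sysmon does not record mutex creation, so it is checked by enumerating handles on the suspect machine rather than in these logs. The C2 host is a duckdns.org dynamic-DNS name, so the resolved IP can change between runs; hunt on the name, not on an address observed once.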