General
-
Target
fe1a21fd2f2c7385f70ed907ea985707_JaffaCakes118
-
Size
110KB
-
Sample
240929-jxxtjavgrr
-
MD5
fe1a21fd2f2c7385f70ed907ea985707
-
SHA1
30abfcfb656f8dfa304aa40c328bd879e532483a
-
SHA256
f338a70e47e02ffe040eb7d23a3d15ecdb6252412f786c95bad31c0c51f7d2a8
-
SHA512
6f55edda96d10d63eba9b1c0ca03f02f74af555e0731fe7b03e5b534ffa5f14654076b5e69bff775281569eef01874dd300c0e9943129617307688c0112bae48
-
SSDEEP
3072:/i51oD+WU38f5wrEI1cAXBgQRCh+dawWh4eIqfV:6/ojO83I1UEChu1WCejt
Static task
static1
Behavioral task
behavioral1
Sample
sparrows.exe
Resource
win7-20240903-en
Malware Config
Extracted
netwire
127.0.0.1:1533
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
spaxxxvbn
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
Target
sparrows.exe
-
Size
208KB
-
MD5
0b7621da72f30a6ce13f51de02bfd098
-
SHA1
68c7dc41b82713067c4fde4455339d84e2c39e66
-
SHA256
2e27bf386a514320dc15a2cbce4967a1cb7602dbc2e90865dc19d422776e8063
-
SHA512
cc9c208c1bfca3ccb6ba6466072414787b9105d13e90d7dcfea0d61de394751c9d9c5f0d9f4d385c98240c188dcd67044d22a3033afc05e5970f2df43bd3ea65
-
SSDEEP
3072:bNFviD+WU38n5wrEY13Mz1eGbbrdgMTXOM7B+p:JspO8vY13FGXxge4p
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext