Extracted

• • Target

    1cdf2ff6ac22daa830cecc5271d353f2_JaffaCakes118

  • Size

    535KB

  • MD5

    1cdf2ff6ac22daa830cecc5271d353f2

  • SHA1

    6d798406249052783bef1b0b641edcf592da842a

  • SHA256

    e1de1102ff8cdcae20afbfdb22e66505385f2749b7bc8d2d6e5ef80aab518570

  • SHA512

    c1dcd252e1b7b56acae7fbfed745c0396b7c499cdbdbf4b8a660beb5c6c3b84c623a534b8b7bad31429d0944d84f77eea5a75d6bdd6f23e6d22abf94a34beff4

  • SSDEEP

    12288:Ua/rmU5El82jSloGfOy/ExF3Mkwd0bHPgkC6YPxm9N:Uav5UjSloGfx/qFMKT8pCN

  Score

  10^/10

  netwirebotnetdiscoveryratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2