General
Target: 42206004d2fe0e0cdf8702fa8b528136_JaffaCakes118
Size: 148KB
Sample: 241013-z6j7sstbrq
MD5: 42206004d2fe0e0cdf8702fa8b528136
SHA1: 2d741a33dc85b9d2e89fbd046f660e5daaca22fc
SHA256: 23bca60c072b04f5b3c4551556c8614b0a9c379e4600de36fe396d9d723c795d
SHA512: 5e14895736570909f5c65e15aa59c2cd0b701017ec361859c8c92e81b9b36c70e15b173dc0bed6d4e3187a8a238b270d6b82bbcd8b8fe682c82358ead36e2faa
SSDEEP: 3072:MV/JroSSySfXC/bJF0aJy87qcB6Qmp3xZ7:MVo4bDethpP
Static task: static1
Behavioral task: behavioral1
Sample: 42206004d2fe0e0cdf8702fa8b528136_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: netwire, 31.193.9.126:3344
activex_autorun: true
activex_key: {26D25HW4-31VL-6865-N1YP-0VAD0668NY46}
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: C:\Users\Admin\AppData\Roaming\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: true
startup_name: calc
use_mutex: false
Targets
Target: 42206004d2fe0e0cdf8702fa8b528136_JaffaCakes118 (148KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- NetWire RAT payload
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext