General
Target: 3c059bb0110143e563d7bf20cf1c3306a166fb5b24473f6f86d91175eb233bef.exe
Size: 172KB
Sample: 241120-xxv7lawnaj
MD5: 3d08d511ea4188269bf7fc1521a52148
SHA1: abf02942fe18f587eb928bbccef27e3371988e5c
SHA256: 3c059bb0110143e563d7bf20cf1c3306a166fb5b24473f6f86d91175eb233bef
SHA512: 558aec3d94a814a2c814f2cbd7a13b64bb80f3f65c8f2ae5e3672108ea7d929400394b9e5d1d768dc3ce234662172df98d4422fd6d08b4719282beb4eaf91161
SSDEEP: 3072:W6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZ0u:Wd0Ih532Kd3zjL7S1kEl7jyaFJmp
Static task: static1
Behavioral task: behavioral1
Sample: 3c059bb0110143e563d7bf20cf1c3306a166fb5b24473f6f86d91175eb233bef.exe
Resource: win7-20240708-en
Malware Config
Extracted
netwire
185.84.181.95:8977
activex_autorun: false
copy_executable: false
delete_original: false
host_id: LAGOS NAWA
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets
NetWire RAT payload
Netwire family
Drops startup file
Suspicious use of SetThreadContext