General
-
Target
1b11a9827419fd5cf38e4abededc40e7aa1b91dd47a13b6a66b818e02461a557.exe
-
Size
172KB
-
Sample
241121-lskdrazhpf
-
MD5
f0c75348e5b95bdede22c145db15c309
-
SHA1
6ae625a247c3ca34ede836578104dad1543d0df3
-
SHA256
1b11a9827419fd5cf38e4abededc40e7aa1b91dd47a13b6a66b818e02461a557
-
SHA512
7e3c1f39101471c8126ce423d902a7467adc5a22317cb7afee8e96148e9440e71920d63d173a4d4c6e9f0ba95db422b3632e98ce95d3fdade261b68109aeabcd
-
SSDEEP
3072:P6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZt6:Pd0Ih532Kd3zjL7S1kEl7jyaFJmM
Malware Config
Extracted
netwire
185.84.181.95:8977
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
LAGOS NAWA
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
1b11a9827419fd5cf38e4abededc40e7aa1b91dd47a13b6a66b818e02461a557.exe
-
Size
172KB
-
MD5
f0c75348e5b95bdede22c145db15c309
-
SHA1
6ae625a247c3ca34ede836578104dad1543d0df3
-
SHA256
1b11a9827419fd5cf38e4abededc40e7aa1b91dd47a13b6a66b818e02461a557
-
SHA512
7e3c1f39101471c8126ce423d902a7467adc5a22317cb7afee8e96148e9440e71920d63d173a4d4c6e9f0ba95db422b3632e98ce95d3fdade261b68109aeabcd
-
SSDEEP
3072:P6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZt6:Pd0Ih532Kd3zjL7S1kEl7jyaFJmM
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Netwire family
-
Drops startup file
-
Suspicious use of SetThreadContext
-