General
-
Target
afb0e3e0d836403e9f897b3f89933922600739c840c164b9f4e368ec5f6a7538.exe
-
Size
172KB
-
Sample
241124-cxsfgswjbp
-
MD5
eab07a35e10ac8ae15257b7a99f2c80f
-
SHA1
e225624cb01ecfc373cbbd1078ddfe964bf246f4
-
SHA256
afb0e3e0d836403e9f897b3f89933922600739c840c164b9f4e368ec5f6a7538
-
SHA512
366a3d84f5949e88fb8e76c2bda0dd7be308f928c1cad34651df910d4bef09b79cecd20e87d591c6612cd1f437dbcd7b877e02eab2111f885f7d6e1d1e065168
-
SSDEEP
3072:I6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZuq:Id0Ih532Kd3zjL7S1kEl7jyaFJml
Malware Config
Extracted
netwire
185.84.181.95:8977
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
LAGOS NAWA
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
afb0e3e0d836403e9f897b3f89933922600739c840c164b9f4e368ec5f6a7538.exe
-
Size
172KB
-
MD5
eab07a35e10ac8ae15257b7a99f2c80f
-
SHA1
e225624cb01ecfc373cbbd1078ddfe964bf246f4
-
SHA256
afb0e3e0d836403e9f897b3f89933922600739c840c164b9f4e368ec5f6a7538
-
SHA512
366a3d84f5949e88fb8e76c2bda0dd7be308f928c1cad34651df910d4bef09b79cecd20e87d591c6612cd1f437dbcd7b877e02eab2111f885f7d6e1d1e065168
-
SSDEEP
3072:I6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZuq:Id0Ih532Kd3zjL7S1kEl7jyaFJml
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Netwire family
-
Drops startup file
-
Suspicious use of SetThreadContext
-