Extracted

• • Target

    98c2651be2fced7756397db51da153a5_JaffaCakes118

  • Size

    465KB

  • MD5

    98c2651be2fced7756397db51da153a5

  • SHA1

    bfde78955e503f192cda5890c0d1d1d1435e3f26

  • SHA256

    b5188ff9a7b397e5bddcd49ef6f41a8a343bf5ea0dba5e016bec8abc9d2bf603

  • SHA512

    16ef4ac96802fd82d9c5bca2f646f3d8c19cecd077520fe123032eaebaaa1636de4971ffdf75589139ad70b9025b95008668f0d1d9ee909a7cb644c31c6f0990

  • SSDEEP

    6144:2HaSEfGRUovnHiFTk6xwK/3oYUTUW8o8HU:26JOGovHiFI6/P6/8S

  Score

  10^/10

  netwirebotnetdiscoverypersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Netwire family

    netwire

  • Uses the VBS compiler for execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2