General
Target: fe6b9636c6363b1cbcecd2b690408d77_JaffaCakes118
Size: 616KB
Sample: 241219-ez2haaypbp
MD5: fe6b9636c6363b1cbcecd2b690408d77
SHA1: c1e7b86bb283116568211eeb200bb4eff457948c
SHA256: f7c37eac5808e804c64864a30eaa565b0cdf35b3738f049ac2e6f793f7603cec
SHA512: 6241aa32dc8b80cc42ddce37e25586fb5b84f06a7d7a590c1e87650493f9f805843fd0de350e798e38a155f5901858f60ca5178e24cec0a954d5ca5c14f37776
SSDEEP: 12288:mbdH+dbp3YjHGeBGLIdlvdGlRFKQQGoUvW5Vr5UjNaFkX2UHBNxrKU/Ia1SHKUpo:mbdyFyHGGFGF2GoU4Vr5QNa
Static task: static1
Behavioral task: behavioral1
Sample: fe6b9636c6363b1cbcecd2b690408d77_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted: netwire
194.5.97.220:3387
194.5.97.220:3389
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: stanlow02
registry_autorun: false
use_mutex: false
Targets
Target: fe6b9636c6363b1cbcecd2b690408d77_JaffaCakes118
Size: 616KB
- NetWire RAT payload
- Netwire family
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext