General
-
Target
JaffaCakes118_15058f6aac8578e5d0483ca0e5bce02b
-
Size
172KB
-
Sample
241231-mk638awnat
-
MD5
15058f6aac8578e5d0483ca0e5bce02b
-
SHA1
27b7b2408ba34d24e62bafcdbf735c41c8bdafde
-
SHA256
76e360ea8d5561801ac22e240a89358eff7ca36e78d3145af919e54406704c7d
-
SHA512
61651aa32660497e470057bb0c6c788fe9f13d09f6a6ae77211aaf983da6af7ca88c25a1383bb67e4f4938ee91d4040714230a0f82b6a7bc47da8ef975a4c80b
-
SSDEEP
3072:M6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZS:Md0Ih532Kd3zjL7S1kEl7jyaFJm
Malware Config
Extracted
netwire
185.84.181.95:8977
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
LAGOS NAWA
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
JaffaCakes118_15058f6aac8578e5d0483ca0e5bce02b
-
Size
172KB
-
MD5
15058f6aac8578e5d0483ca0e5bce02b
-
SHA1
27b7b2408ba34d24e62bafcdbf735c41c8bdafde
-
SHA256
76e360ea8d5561801ac22e240a89358eff7ca36e78d3145af919e54406704c7d
-
SHA512
61651aa32660497e470057bb0c6c788fe9f13d09f6a6ae77211aaf983da6af7ca88c25a1383bb67e4f4938ee91d4040714230a0f82b6a7bc47da8ef975a4c80b
-
SSDEEP
3072:M6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZS:Md0Ih532Kd3zjL7S1kEl7jyaFJm
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Netwire family
-
Drops startup file
-
Suspicious use of SetThreadContext
-