General
Target: JaffaCakes118_1a3a70e34d3169bbe48da5c865a409e6
Size: 127KB
Sample: 241231-n9zk4ssjal
MD5: 1a3a70e34d3169bbe48da5c865a409e6
SHA1: 2d28d8ba36ab3c5895eb8c2535cdcab2181a9d10
SHA256: e6922b683b88493593b5767f8ec0e9076f3ed3a1e7a156575800817ddb7b9e9f
SHA512: ee1afc8dc98e2a0c9f8309c54fd6a700418113c1ec941fc8ef182bdbcb50480eb63e0530d5ce6eef6bb734405b917ea413057471214d7316b4cdf974e404777f
SSDEEP: 3072:yb3RWhfmSbEsz7nD/x0dZTGvd+PACdEDXJS6eb5Viz7wREMV7:OIhfmSosz7nD/qvCdSdEDk6eb5VizsRL
Behavioral task: behavioral1
Sample: JaffaCakes118_1a3a70e34d3169bbe48da5c865a409e6.exe
Resource: win7-20240903-en
Malware Config
Extracted
netwire
127.0.0.1:443
activex_autorun: false
copy_executable: false
delete_original: false
host_id: TEST
keylogger_dir: %AppData%\wincfg\
lock_executable: false
offline_keylogger: true
password: TEST
registry_autorun: false
use_mutex: false
Targets
-
-
Target
JaffaCakes118_1a3a70e34d3169bbe48da5c865a409e6
-
NetWire RAT payload
-
Netwire family
-