General
-
Target
JaffaCakes118_1c62bd6ba2e246f684a48068b0c02cd0
-
Size
172KB
-
Sample
250106-lp951atkft
-
MD5
1c62bd6ba2e246f684a48068b0c02cd0
-
SHA1
10f2818f976d6bc9670c8312e96af6bb30cacc57
-
SHA256
b4c6ae725929c95cf03afbe1aeebd92395c2a8f96946a686dafcac35d1d7d285
-
SHA512
4a528f81979a5d7075478cd93d5302096e65b1d064a7d2d33c2e7a3f8e6cd61d31d96f6922bf6e48f5c28c4aa338452fc2a20ce92d440d6a1df43170f5799f96
-
SSDEEP
3072:W6RrEikYA0QdTh532O8QXJlx3er+jL7ScA96TElZIajM/naFhNlUw4WOXZ0:Wd0Ih532Kd3zjL7S1kEl7jyaFJm
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_1c62bd6ba2e246f684a48068b0c02cd0.exe
Resource
win7-20240903-en
Malware Config
Extracted
netwire
185.84.181.95:8977
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
LAGOS NAWA
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
JaffaCakes118_1c62bd6ba2e246f684a48068b0c02cd0
-
NetWire RAT payload
-
Netwire family
-
Drops startup file
-
Suspicious use of SetThreadContext
-