General
-
Target
JaffaCakes118_e8ef02beaf986390fcb537d1cb3d6a51
-
Size
4.4MB
-
Sample
250110-t25eaaskdj
-
MD5
e8ef02beaf986390fcb537d1cb3d6a51
-
SHA1
fb47e64ccd6566032d7c85a89a8570270d8621a5
-
SHA256
370c78ecd539292a20e84dd4f58aaf5194a3b0db5ea857adfd46b50d6333426a
-
SHA512
8a488b90a5337acdf93a104e8aa963c9ca1d9d122606359f5629441b6ef2d745b35c9b6da2d3c85946bffdb0a8cf316c7f6db4bf967b67a064154143170bfc33
-
SSDEEP
98304:74AqGkgAo0Gkuv0VrN2OVDv4j24lilj1qT:74vlPqsrNAi9UT
Malware Config
Extracted
netwire
173.209.48.226:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-cWM6mg
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
JaffaCakes118_e8ef02beaf986390fcb537d1cb3d6a51
-
Size
4.4MB
-
MD5
e8ef02beaf986390fcb537d1cb3d6a51
-
SHA1
fb47e64ccd6566032d7c85a89a8570270d8621a5
-
SHA256
370c78ecd539292a20e84dd4f58aaf5194a3b0db5ea857adfd46b50d6333426a
-
SHA512
8a488b90a5337acdf93a104e8aa963c9ca1d9d122606359f5629441b6ef2d745b35c9b6da2d3c85946bffdb0a8cf316c7f6db4bf967b67a064154143170bfc33
-
SSDEEP
98304:74AqGkgAo0Gkuv0VrN2OVDv4j24lilj1qT:74vlPqsrNAi9UT
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Netwire family
-
Drops startup file
-