General
-
Target
594ae52730ed0a24d4b79f3379a914e60f892dd0d3e055f1e9b7b0eb9ec1c507.exe
-
Size
1.3MB
-
Sample
250116-dga2yayjht
-
MD5
cef06ebcec3203d66ae157ebb0d40e90
-
SHA1
420fd425b0c90fb6489fb84cb815a9735dd9d9d1
-
SHA256
594ae52730ed0a24d4b79f3379a914e60f892dd0d3e055f1e9b7b0eb9ec1c507
-
SHA512
9cc9a6a709cfd8ebd193e266a5995b1b4f7334a8e330963217427a862f1fe9ce42cf9ae2c56b7af11999a0de927a12434938ead829c6f47764253ce2fa3e083a
-
SSDEEP
24576:eAHnh+eWsN3skA4RV1Hom2KXMmHaPanF0v6556ACILT5d:Jh+ZkldoPK8YaPgr8IBd
Malware Config
Extracted
netwire
193.56.28.162:3361
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
11
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
mpGoHcGu
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
594ae52730ed0a24d4b79f3379a914e60f892dd0d3e055f1e9b7b0eb9ec1c507.exe
-
Size
1.3MB
-
MD5
cef06ebcec3203d66ae157ebb0d40e90
-
SHA1
420fd425b0c90fb6489fb84cb815a9735dd9d9d1
-
SHA256
594ae52730ed0a24d4b79f3379a914e60f892dd0d3e055f1e9b7b0eb9ec1c507
-
SHA512
9cc9a6a709cfd8ebd193e266a5995b1b4f7334a8e330963217427a862f1fe9ce42cf9ae2c56b7af11999a0de927a12434938ead829c6f47764253ce2fa3e083a
-
SSDEEP
24576:eAHnh+eWsN3skA4RV1Hom2KXMmHaPanF0v6556ACILT5d:Jh+ZkldoPK8YaPgr8IBd
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Netwire family
-
Drops startup file
-
Suspicious use of SetThreadContext
-