General
-
Target
bb4773c106ac654769bca2778273b3efc76226a93cee33cfa2c099fc9d0e44cbN.exe
-
Size
296KB
-
Sample
250122-vhhxlsxkal
-
MD5
ca239e74778ea238c877d0a08ff014e0
-
SHA1
cd3cce3b44b9b21384b292add85ee800ca4a6166
-
SHA256
bb4773c106ac654769bca2778273b3efc76226a93cee33cfa2c099fc9d0e44cb
-
SHA512
5af6a0b7ac51b546bd9309c9a0bfcb6ace1fb12cc7ad288734483e02c478c9924bb39e117c13678856fbbc76aa04fe8570f7754e2aeb1c2935f6c82997feb4fb
-
SSDEEP
3072:tg6pbDIqOnD6rdKRMvXs+oCTZG9QBNctlVeFAnhPQ12uDefLFmLf9WL5Bcxw:5Ddrvv8O1Ga9qtH5mLfoA
Malware Config
Extracted
netwire
wealthyman.brasilia.me:39560
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
WEALTH
-
keylogger_dir
%AppData%\music\
-
lock_executable
false
-
offline_keylogger
true
-
password
sucess
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
bb4773c106ac654769bca2778273b3efc76226a93cee33cfa2c099fc9d0e44cbN.exe
-
Size
296KB
-
MD5
ca239e74778ea238c877d0a08ff014e0
-
SHA1
cd3cce3b44b9b21384b292add85ee800ca4a6166
-
SHA256
bb4773c106ac654769bca2778273b3efc76226a93cee33cfa2c099fc9d0e44cb
-
SHA512
5af6a0b7ac51b546bd9309c9a0bfcb6ace1fb12cc7ad288734483e02c478c9924bb39e117c13678856fbbc76aa04fe8570f7754e2aeb1c2935f6c82997feb4fb
-
SSDEEP
3072:tg6pbDIqOnD6rdKRMvXs+oCTZG9QBNctlVeFAnhPQ12uDefLFmLf9WL5Bcxw:5Ddrvv8O1Ga9qtH5mLfoA
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Netwire family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-