General
-
Target
2025-03-09_5fe11b99b677a2003daabb664d6c0fcf_bkransomware_hijackloader
-
Size
3.3MB
-
Sample
250309-b69kpawxev
-
MD5
5fe11b99b677a2003daabb664d6c0fcf
-
SHA1
fc867bb1da1d509e77c21e72915e64f74f600c0e
-
SHA256
fd43f0a3aa3122d62d50085980767dba08ddfeef9db3bfbb6ba31d1bcc720594
-
SHA512
cd6907c3d18b8410370397a2d266361b78e552a89d0d9f1fdc1d9d0b802029c08a40aff77cd61758218a7ed37eeb4aeab4d8235000c995191418a7b7a548b7fa
-
SSDEEP
98304:EaAHG4Ah2icXUrTFrE2cInIpzd5TGFLOAkGkz9YgBjHKnP7:t9w++pzd5TGFLOPYgHKnP7
Malware Config
Extracted
netwire
s2awscloudupdates.com:8081
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
happy666
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
2025-03-09_5fe11b99b677a2003daabb664d6c0fcf_bkransomware_hijackloader
-
Size
3.3MB
-
MD5
5fe11b99b677a2003daabb664d6c0fcf
-
SHA1
fc867bb1da1d509e77c21e72915e64f74f600c0e
-
SHA256
fd43f0a3aa3122d62d50085980767dba08ddfeef9db3bfbb6ba31d1bcc720594
-
SHA512
cd6907c3d18b8410370397a2d266361b78e552a89d0d9f1fdc1d9d0b802029c08a40aff77cd61758218a7ed37eeb4aeab4d8235000c995191418a7b7a548b7fa
-
SSDEEP
98304:EaAHG4Ah2icXUrTFrE2cInIpzd5TGFLOAkGkz9YgBjHKnP7:t9w++pzd5TGFLOPYgHKnP7
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Netwire family
-