General
Target: e6ccbe41f2855cb0789c917f7faaf132d8d2a9ecd103f3c2aaf0f87fca1f8f96
Size: 1.0MB
Sample: 250312-hlqems1ms7
MD5: d02530f3b97431f4ccb75d4fbedcf106
SHA1: 5825dd6577ca148476f6e68987915206d44d82c4
SHA256: e6ccbe41f2855cb0789c917f7faaf132d8d2a9ecd103f3c2aaf0f87fca1f8f96
SHA512: 023377cd5ad6afbfd5631ce29c676fef694daf088a0b44b6d3a165db18c843595cf8bf8c0798d5408c6b374f97b0ad96a97ae9ef738493456bd245f391c4bc8b
SSDEEP: 24576:46T8Ujl6vO01C1GCTsYoQZtlsZdc40QDrUYuGG1ihTGTTi0CnGkz4mvrgEJLW:eTUwTGTTglz4mvUt
Static task: static1
Behavioral task: behavioral1
Sample: e6ccbe41f2855cb0789c917f7faaf132d8d2a9ecd103f3c2aaf0f87fca1f8f96.exe
Resource: win7-20240903-en
Malware Config
Extracted
netwire
s3awscloud.com:8080
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\sLogs\
lock_executable: false
offline_keylogger: true
password: mrx325hydra11
registry_autorun: false
use_mutex: false
Targets
NetWire RAT payload
Netwire family
Executes dropped EXE
Loads dropped DLL