General
-
Target
727c5bfafb58e675457b1136b4bb0a1c_JaffaCakes118
-
Size
5.2MB
-
Sample
240525-tdmvbshg3v
-
MD5
727c5bfafb58e675457b1136b4bb0a1c
-
SHA1
38dfd92a497790a83d9f4f9678c115c88114bbde
-
SHA256
0c66caa1548dc63e85135f44fd3ff7f44c6b00af27554c01918d230bff9ec542
-
SHA512
8c3f24d1b9235876c3d19f3817da13a49cb408a72df7cd575912e612b2d4550d7997506f4a760c0ab0e3251b5140d9e6db46f8cc48c91b86e1024ad7542579da
-
SSDEEP
6144:lp+ge2MsFiJZFl6MbEdjmcw2lMEh3URmwiJ:73iRIGEdycZMe3UIwU
Malware Config
Extracted
netwire
wealthgrace.ddns.me:39560
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
sunshineslisa
-
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\Imgburn\
-
lock_executable
false
-
mutex
KTDomPTi
-
offline_keylogger
true
-
password
sucess
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
727c5bfafb58e675457b1136b4bb0a1c_JaffaCakes118
-
Size
5.2MB
-
MD5
727c5bfafb58e675457b1136b4bb0a1c
-
SHA1
38dfd92a497790a83d9f4f9678c115c88114bbde
-
SHA256
0c66caa1548dc63e85135f44fd3ff7f44c6b00af27554c01918d230bff9ec542
-
SHA512
8c3f24d1b9235876c3d19f3817da13a49cb408a72df7cd575912e612b2d4550d7997506f4a760c0ab0e3251b5140d9e6db46f8cc48c91b86e1024ad7542579da
-
SSDEEP
6144:lp+ge2MsFiJZFl6MbEdjmcw2lMEh3URmwiJ:73iRIGEdycZMe3UIwU
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-