General
-
Target
f4e294e4ff1d37874053074e502349ec.bin
-
Size
235KB
-
Sample
240529-dsj4zsgd61
-
MD5
f23d242eab783e6777083421163574ac
-
SHA1
1652332f23bbf6da0cc6b562ac6a18261c12c3ee
-
SHA256
29140d152decd019a1c0ceac94617dfcd04700db84a6711fca33ccb94039fbe5
-
SHA512
6e206bf0c7255c87d39d101d5ec1bd6c23473d60a2c75b6635ae906dab905c4fc35bb19a3689694f8cea0d036b1c6aa68e6e1f70a859e6d356ebeca4c6371de7
-
SSDEEP
6144:uy8UhviqhXYrl0hs37RHVLaMVBnDB1E4Umi:uys4XYr6hu7RHJ9bDDEl
Malware Config
Extracted
netwire
190.123.44.137:3369
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
5d3cd35b14139a2a6e67171db87a035c3da9aba952969197e41fa78abdf7ff4e.exe
-
Size
780KB
-
MD5
f4e294e4ff1d37874053074e502349ec
-
SHA1
ada0f22588448ffc218556ce12b045316d1ee418
-
SHA256
5d3cd35b14139a2a6e67171db87a035c3da9aba952969197e41fa78abdf7ff4e
-
SHA512
c81582ce3119cc670f6092c82a525dc0fb9a4b68427646a7bc04fe0e0814845a82782c4284c5576453bc944f660778dc836d784d7f5fd780c56a101574cb0328
-
SSDEEP
3072:lD7fFC3Xi1NCvsHrryNyXtYUKucJcmGUcBCEHl5HHghiUjIyDvUmTncs4U+21s8D:lv06NIIKOm+YSHllAhxc2smYsvds8WC
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of SetThreadContext
-