General
-
Target
80f528588d5e84152ecf6e25b8dad4dd_JaffaCakes118
-
Size
7.6MB
-
Sample
240529-q5hg5sgd5x
-
MD5
80f528588d5e84152ecf6e25b8dad4dd
-
SHA1
80947aee4243d752b9c187caf01b3d864b7474c7
-
SHA256
cdfd2505408b2c422e018011e64500a241f149654435a7cd0e4d674a733c5bd6
-
SHA512
2e3ed889d636e45c52b65e8445dd6bf630f9117703cf98fcf95e6a129856d5c8b6bd0fa4f8812fe33eb52b8872194ff11222ffd9170e08c0f3d5934672aebcdc
-
SSDEEP
3072:QexSaR/D54T4ebgGZB8OOccgwM6G2Cgo5wUlkGkfCNrkdTOMJXIYOUHqlJN3Wpl:Qklr5kbg0B8VcnJcCg4jlkGp0T5i
Malware Config
Extracted
netwire
miikymouse1978.ooguy.com:5435
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
myRattyVin
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
glgSVnej
-
offline_keylogger
true
-
password
jamesnature
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
80f528588d5e84152ecf6e25b8dad4dd_JaffaCakes118
-
Size
7.6MB
-
MD5
80f528588d5e84152ecf6e25b8dad4dd
-
SHA1
80947aee4243d752b9c187caf01b3d864b7474c7
-
SHA256
cdfd2505408b2c422e018011e64500a241f149654435a7cd0e4d674a733c5bd6
-
SHA512
2e3ed889d636e45c52b65e8445dd6bf630f9117703cf98fcf95e6a129856d5c8b6bd0fa4f8812fe33eb52b8872194ff11222ffd9170e08c0f3d5934672aebcdc
-
SSDEEP
3072:QexSaR/D54T4ebgGZB8OOccgwM6G2Cgo5wUlkGkfCNrkdTOMJXIYOUHqlJN3Wpl:Qklr5kbg0B8VcnJcCg4jlkGp0T5i
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-