General
-
Target
8acb1a113d20530f501fc371622ff0db_JaffaCakes118
-
Size
233KB
-
Sample
240601-r5vyxaff59
-
MD5
8acb1a113d20530f501fc371622ff0db
-
SHA1
3e3996eac73c8c5b100e578bf8794f61fb47d255
-
SHA256
08a1633161123a511f98004bda97d5ada42bf34a58e2e598fb321c1fe7a1d1a8
-
SHA512
4ad5c92a299457c8674b76ecf5cd8388fd0b658ef9441c8952d63ac63e8f7404551dc590dedf0c3896f5accbdd60fc365605acab424c42f48be65d1d080877ee
-
SSDEEP
6144:jxQxWRPYIA/fSU9Ja2da7MgpveTvmdhzh3+BPBZbzUE:jxQxWRPYIIfSUVaMmveTHBRR
Malware Config
Extracted
netwire
extensions14718.sytes.net:3324
extensions14718sec.sytes.net:3324
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
YbcwLUQv
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
8acb1a113d20530f501fc371622ff0db_JaffaCakes118
-
Size
233KB
-
MD5
8acb1a113d20530f501fc371622ff0db
-
SHA1
3e3996eac73c8c5b100e578bf8794f61fb47d255
-
SHA256
08a1633161123a511f98004bda97d5ada42bf34a58e2e598fb321c1fe7a1d1a8
-
SHA512
4ad5c92a299457c8674b76ecf5cd8388fd0b658ef9441c8952d63ac63e8f7404551dc590dedf0c3896f5accbdd60fc365605acab424c42f48be65d1d080877ee
-
SSDEEP
6144:jxQxWRPYIA/fSU9Ja2da7MgpveTvmdhzh3+BPBZbzUE:jxQxWRPYIIfSUVaMmveTHBRR
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-