General
-
Target
a89049859aed13029acec8420258457b_JaffaCakes118
-
Size
386KB
-
Sample
240614-jhb9aazhmh
-
MD5
a89049859aed13029acec8420258457b
-
SHA1
41b8d309f841f8dc55e6dc72c1b2efd84201d174
-
SHA256
1ac0260e031d5ad4709225c2b25d4228778743af7f9c7da0cd433fd9466cf4fb
-
SHA512
653d1d046c3b452e3a93270c4b29e2209e59d7f1cff05aca9bf1d6c669eee286792d6225805d24b35254d60f6181b1ce9195f7e79d0e9ecfc805fe95d28ce721
-
SSDEEP
6144:12dzTxBUbCHWPEo1P/B2Pxz5U0oSDPkKwjmGmDC4RPkVBwWe:1SzTxBUuHWPZ460oSDhcaleg
Malware Config
Extracted
netwire
fingers1.ddns.net:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
a89049859aed13029acec8420258457b_JaffaCakes118
-
Size
386KB
-
MD5
a89049859aed13029acec8420258457b
-
SHA1
41b8d309f841f8dc55e6dc72c1b2efd84201d174
-
SHA256
1ac0260e031d5ad4709225c2b25d4228778743af7f9c7da0cd433fd9466cf4fb
-
SHA512
653d1d046c3b452e3a93270c4b29e2209e59d7f1cff05aca9bf1d6c669eee286792d6225805d24b35254d60f6181b1ce9195f7e79d0e9ecfc805fe95d28ce721
-
SSDEEP
6144:12dzTxBUbCHWPEo1P/B2Pxz5U0oSDPkKwjmGmDC4RPkVBwWe:1SzTxBUuHWPZ460oSDhcaleg
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-