General
Target: a97e85a40509f6bbc7427edf6a1db4c8_JaffaCakes118
Size: 273KB
Sample: 240614-nvmm1ashkn
MD5: a97e85a40509f6bbc7427edf6a1db4c8
SHA1: f3e0bd2597e0d1f819337808dee52babc70f16f5
SHA256: b23e4ec41a7eaacf693fc9f0651c514720b0ba28773c85aa6b8aa682a42c3a23
SHA512: 5f1559c5fa0f6f4fb378b28ed82e00ef6e64f635f91ed78e8acb683c550b2a9cb19e30ed7aaa9563cde8d804444dc5834cd7f953b2e60fafc775c0a5bd11dbaa
SSDEEP: 6144:Q5NT96qD0nnPSe/NZ+CVtZsStyK7sSVR0ICW0SEMUSdGg1MRafm1QhO:U96q4nnPSeDtySo251MRafm1QU
Static task: static1
Behavioral task: behavioral1
Sample: a97e85a40509f6bbc7427edf6a1db4c8_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: netwire
46.20.33.82:3444
62.102.148.181:57980
46.165.208.108:3490
213.152.162.99:3829
109.163.226.153:3829
95.211.229.148:3939
31.171.155.48:3444
activex_autorun: true
activex_key: {37BX32U8-4XG6-J37R-187I-4S4T4FD58C07}
copy_executable: true
delete_original: true
host_id: ~PUMP~%Rand%
install_path: %AppData%\Microsoft\HKRUN.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: fUpgdpBV
offline_keylogger: true
password: 123456
registry_autorun: true
startup_name: Microsoft
use_mutex: true
Targets
Target: a97e85a40509f6bbc7427edf6a1db4c8_JaffaCakes118
Size: 273KB
MD5: a97e85a40509f6bbc7427edf6a1db4c8
SHA1: f3e0bd2597e0d1f819337808dee52babc70f16f5
SHA256: b23e4ec41a7eaacf693fc9f0651c514720b0ba28773c85aa6b8aa682a42c3a23
SHA512: 5f1559c5fa0f6f4fb378b28ed82e00ef6e64f635f91ed78e8acb683c550b2a9cb19e30ed7aaa9563cde8d804444dc5834cd7f953b2e60fafc775c0a5bd11dbaa
SSDEEP: 6144:Q5NT96qD0nnPSe/NZ+CVtZsStyK7sSVR0ICW0SEMUSdGg1MRafm1QhO:U96q4nnPSeDtySo251MRafm1QU
Score: 10/10
Signatures:
NetWire RAT payload
Modifies Installed Components in the registry
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext