General
-
Target
af79eb8a77c46f99d2a80841353679d2_JaffaCakes118
-
Size
392KB
-
Sample
240615-vl6svayaja
-
MD5
af79eb8a77c46f99d2a80841353679d2
-
SHA1
d07a388f144864a69d3b1fb9f6b83a5a9fc01b4d
-
SHA256
a7374e3645615c6c1c7326ccdab9c6743ed71723397524a15b1548d2c1a24a15
-
SHA512
aa88e883bf3f1c1387283e0e68b40cf13e55501c328ac26efa663c943d9b9bf6f8f0e0d5a8162783feadde3d2e4f7279d6a327ba9c2dc2e77c05042e42e5e3c4
-
SSDEEP
6144:fNXqRB78GUgn+DTCcfBLy+SnpsuXBKnVN0tYyvrn:VXqr78GU8G98RKVGr
Malware Config
Extracted
netwire
wealthyman.brasilia.me:39560
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
WEALTH
-
keylogger_dir
%AppData%\music\
-
lock_executable
false
-
offline_keylogger
true
-
password
sucess
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
af79eb8a77c46f99d2a80841353679d2_JaffaCakes118
-
Size
392KB
-
MD5
af79eb8a77c46f99d2a80841353679d2
-
SHA1
d07a388f144864a69d3b1fb9f6b83a5a9fc01b4d
-
SHA256
a7374e3645615c6c1c7326ccdab9c6743ed71723397524a15b1548d2c1a24a15
-
SHA512
aa88e883bf3f1c1387283e0e68b40cf13e55501c328ac26efa663c943d9b9bf6f8f0e0d5a8162783feadde3d2e4f7279d6a327ba9c2dc2e77c05042e42e5e3c4
-
SSDEEP
6144:fNXqRB78GUgn+DTCcfBLy+SnpsuXBKnVN0tYyvrn:VXqr78GU8G98RKVGr
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-