Malware Family NetWire
Date Added Jan. 10, 2016, 10:33 p.m.
MD5 88464e59fc7e8fc28494860a16bf3aa5
Sha256 1269855d8a83079231d8f28b867f3e5ac285c1f14689bb5a2dba0873a06c73cf
Robot Robots lovingly delivered by
Config Sections
Delete original True
ActiveX autorun True
Install Path %AppData%\Install\Host.exe
Copy executable True
Host ID HostId-%Rand%
Lock executable True
ActiveX Key {241QQ751-WPNR-4K1Q-YNV1-5QU1DD2087O5}
Use a mutex True
Mutex GRPLtigW
Proxy Server Not Configured
Registry autorun True
Offline keylogger True
Domains ['']
Startup Name Wire
Password Password
KeyLog Dir %AppData%\Logs\
Proxy Option Direct connection

46 out of 54 AV's Identified the sample as Malicious

Virus Total Report

Domain Data
Domain IP Country Code FR
Geo Location
Yara Rules
comments powered by Disqus