Malware Family NetWire
Date Added Jan. 7, 2016, 9:11 p.m.
MD5 8edd30629d95cbde0f0684ab42b44e83
Sha256 4a6c9139179648f36ac02ec4ef06746e890e8426c84b2c911fc1ff2f27c2b67c
Robot Robots lovingly delivered by
Config Sections
Delete original True
ActiveX autorun True
Install Path %AppData%\temp/smss.exe
Copy executable True
Host ID HostId-%Rand%
Lock executable True
ActiveX Key {U6X0AX43-RQU5-CTXE-8B62-17QYBXMYAUT3}
Use a mutex True
Mutex vbFwRMXk
Proxy Server Not Configured
Registry autorun True
Offline keylogger True
Domains ['']
Startup Name smss.exe
Password !@#GooD#@!
KeyLog Dir %AppData%\Logs\
Proxy Option Direct connection

46 out of 55 AV's Identified the sample as Malicious

Virus Total Report

Domain Data
Domain IP Country Code 0
Geo Location
Yara Rules
comments powered by Disqus