Remotely Administrated Evil 3

Challenge:

What type of malware infection is Example 1?

Submit as flag{infection name}.

Use the file from Remotely Administrated Evil.

Solution:

My custom Zeek script auto-extracted files during the Remotely Administrated Evil 1 challenge, so I grabbed the MD5 hash (91506bc2a51501164b6a2b0c18ad1c44) of the malware and searched various malware analysis services. ANY.RUN had the sample tagged as NetWire.

This makes the completed flag flag{NetWire}.
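
An added example (not the author's Zeek script, which the write-up does not show): one way to pull the MD5 of each extracted file out of Zeek's files.log so the hash can be searched on a malware analysis service. The log lines are constructed and trimmed to a few columns; only the MD5 comes from the write-up, and the function names are hypothetical.

```python
# Constructed sample of a Zeek files.log in TSV form, trimmed to a few columns.
# Only the MD5 is taken from the write-up; hosts, fuids and names are made up.
SAMPLE_FILES_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tfuid\ttx_hosts\trx_hosts\tsource\tmime_type\tmd5\textracted",
    "#types\ttime\tstring\tset[addr]\tset[addr]\tstring\tstring\tstring\tstring",
    "1600000000.000000\tFAAAAAAAAAAAAAAAA1\t192.0.2.10\t198.51.100.5\tHTTP"
    "\ttext/html\t-\t-",
    "1600000001.000000\tFAAAAAAAAAAAAAAAA2\t192.0.2.10\t198.51.100.5\tHTTP"
    "\tapplication/x-dosexec\t91506bc2a51501164b6a2b0c18ad1c44"
    "\textract-FAAAAAAAAAAAAAAAA2.exe",
    "#close 2020-09-13-12-00-00",
])


def read_zeek_tsv(text):
    """Yield one dict per record, named by the log's own #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def extracted_hashes(text, mime_prefix="application/"):
    """Return {md5: record} for files Zeek both hashed and wrote to disk."""
    hits = {}
    for rec in read_zeek_tsv(text):
        # "-" is Zeek's marker for an unset field: no hash or no extraction.
        if rec["md5"] == "-" or rec["extracted"] == "-":
            continue
        if rec["mime_type"].startswith(mime_prefix):
            hits[rec["md5"]] = rec
    return hits


if __name__ == "__main__":
    for md5, rec in extracted_hashes(SAMPLE_FILES_LOG).items():
        print(md5, rec["mime_type"], rec["extracted"], rec["tx_hosts"], sep="  ")
```

The `md5` and `extracted` columns are only populated when the MD5 and extraction file analyzers were attached to the file, which is what an auto-extraction script does.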
