General
-
Target
b4f13d994a6ecd0853ffae7794afdb36
-
Size
15.0MB
-
Sample
201117-3zqf5x3wq2
-
MD5
d8b28c55bf7cc4a07a1766b33109e82b
-
SHA1
03ba66c56ca18bcecd078aeb9558825062157403
-
SHA256
13540d62324d40e8b15db72f32fdf1eb407f4f4d9c4cac05d5f436c39a000df2
-
SHA512
2654e24a3d2a23b8f004d32cc809fc4826fba7d59eb13889f2cc0e1f5df967fa91bf38873f1d555da62e427dde47adfd8231e91d62a0a55195858fc01fab22b6
Malware Config
Extracted
remcos
roxy.dynalias.net:3297
regiskm67.buyshouses.net:3297
dico.is-a-liberal.com:3297
neverdiemosole.is-a-doctor.com:3297
zeusnodie.mypets.ws:3297
nvdiedicobies.is-a-hard-worker.com:3297
nvdieroxy.kicks-ass.net:3297
nvdiedicozeuse.webhop.org:3297
Targets
-
-
Target
b4f13d994a6ecd0853ffae7794afdb36
-
Size
15.0MB
-
MD5
d8b28c55bf7cc4a07a1766b33109e82b
-
SHA1
03ba66c56ca18bcecd078aeb9558825062157403
-
SHA256
13540d62324d40e8b15db72f32fdf1eb407f4f4d9c4cac05d5f436c39a000df2
-
SHA512
2654e24a3d2a23b8f004d32cc809fc4826fba7d59eb13889f2cc0e1f5df967fa91bf38873f1d555da62e427dde47adfd8231e91d62a0a55195858fc01fab22b6
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Modifies service
-
Suspicious use of SetThreadContext
-