General
-
Target
3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b.bin
-
Size
172KB
-
Sample
210505-95w1bjzvb2
-
MD5
3a1db70b49e9be3303890cb7855f2296
-
SHA1
fed77876af92c2eb080251ba7a3532a154be1e94
-
SHA256
3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b
-
SHA512
052e7cfc998eb8a6133cedb094ce7181461875031f7c7fafc1cf468d36d9d72d02705becd79c3e1e595ce02c4ba85d7baf45b0bc3125113a5a07d5b62dc3483e
Behavioral task
behavioral1
Sample
3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b.bin.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b.bin.exe
Resource
win10v20210410
Malware Config
Extracted
Family: netwire
C2: needforrat.hopto.org:3360
C2: needforrat.hopto.org:7777
-
activex_autorun
false
-
activex_key
(empty)
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
(empty)
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
NetWire
-
use_mutex
false
Targets
-
-
Target
3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b.bin
-
Size
172KB
-
MD5
3a1db70b49e9be3303890cb7855f2296
-
SHA1
fed77876af92c2eb080251ba7a3532a154be1e94
-
SHA256
3ffbccaf9efde195e47803fbeefbeea8daa46b8befe87b7781434c50b79d613b
-
SHA512
052e7cfc998eb8a6133cedb094ce7181461875031f7c7fafc1cf468d36d9d72d02705becd79c3e1e595ce02c4ba85d7baf45b0bc3125113a5a07d5b62dc3483e
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
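Adds Run key to start application (registry persistence; consistent with registry_autorun set to true and startup_name NetWire in the extracted config)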
-