General
-
Target
http___pbfoa.org_f.exe
-
Size
210KB
-
Sample
210605-dtpblz8gn2
-
MD5
723425455c102e80649218e45438c39c
-
SHA1
51184142431b9319eeae8bba641d0e6db339dd69
-
SHA256
ccf433b26530eba6adfbc5a390b77702e6418df136a26abe3ef7b5a83e1637bb
-
SHA512
b50d529c06d12af2d35515068666cb819215165e02ff539bb1a50cbc89cb8c4ab002e6d111c132d75ef4358a767b871b64b5ebf05a7574a844271fc81655c96c
Malware Config
Extracted
netwire
142.4.200.50:7878
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
Old Leads
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
tOFVmYMi
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
- startup_name
-
use_mutex
true
Targets
-
-
Target
http___pbfoa.org_f.exe
-
Size
210KB
-
MD5
723425455c102e80649218e45438c39c
-
SHA1
51184142431b9319eeae8bba641d0e6db339dd69
-
SHA256
ccf433b26530eba6adfbc5a390b77702e6418df136a26abe3ef7b5a83e1637bb
-
SHA512
b50d529c06d12af2d35515068666cb819215165e02ff539bb1a50cbc89cb8c4ab002e6d111c132d75ef4358a767b871b64b5ebf05a7574a844271fc81655c96c
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-