General
Target: FIR.SCR.exe
Size: 359KB
Sample: 210615-reksmhnv3x
MD5: 93be4e8635658672664174442020629d
SHA1: 2e8d87389ec5c4518be3f4618cceea6f3fd50ba3
SHA256: 0a48820d9dc0f47e3c20c9e4d6df81592011b85388bbe22530ce8fc14f1fb93d
SHA512: 9da351d3183e2751bee774fedd8db1d0856f069889a630f124f915da35e803a6e868a76c7ac7835b755f8f660a918651744c46e53b5f3cf9f0270752cc6e0ad6
Static task: static1
Behavioral task: behavioral1
Sample: FIR.SCR.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: FIR.SCR.exe
Resource: win10v20210408
Malware Config
Extracted
netwire
info1.dynamic-dns.net:3360
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: Blessed 2021
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: mkEuQAMf
offline_keylogger: true
password: caster123
registry_autorun: false
startup_name:
use_mutex: true
Targets
Target: FIR.SCR.exe
Score: 10/10
Modifies WinLogon for persistence
NetWire RAT payload