General
-
Target
026C1CE7E96A898C23A7CE9A567B9568.exe
-
Size
160KB
-
Sample
210619-dx1h9vznke
-
MD5
026c1ce7e96a898c23a7ce9a567b9568
-
SHA1
ee63b68d581ad0653842ee101593ec3081533ca2
-
SHA256
db721c1c017aac9093dcaeb4049441ce9fd617f09388f844243b148846914c14
-
SHA512
cc8b65c0eb8c0cec50dbc2c852783b84276fe2db56acef54ed621dde6ae2773da8707ad8da3f9c24ae231444293c5d947fbbf1731575d9b33078f46ae8fefcb3
Behavioral task
behavioral1
Sample
026C1CE7E96A898C23A7CE9A567B9568.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
026C1CE7E96A898C23A7CE9A567B9568.exe
Resource
win10v20210410
Malware Config
Extracted
Family: netwire
Configured endpoints (host:port):
127.0.0.1:3360 (loopback address)
66.42.43.177:443
-
activex_autorun
false
-
activex_key
(empty)
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
C:\Windows\System32\spool\drivers\color
-
keylogger_dir
(empty)
-
lock_executable
false
-
mutex
(empty)
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
sysWOW32
-
use_mutex
false
Targets
-
-
Target
026C1CE7E96A898C23A7CE9A567B9568.exe
-
Size
160KB
-
MD5
026c1ce7e96a898c23a7ce9a567b9568
-
SHA1
ee63b68d581ad0653842ee101593ec3081533ca2
-
SHA256
db721c1c017aac9093dcaeb4049441ce9fd617f09388f844243b148846914c14
-
SHA512
cc8b65c0eb8c0cec50dbc2c852783b84276fe2db56acef54ed621dde6ae2773da8707ad8da3f9c24ae231444293c5d947fbbf1731575d9b33078f46ae8fefcb3
Score
10/10
-
Adds Run key to start application
-
Drops file in System32 directory
-