General
Target: Report..vbs
Size: 2KB
Sample: 210623-586z5fs6sa
MD5: f24e48ec7d58c08b9077f143f05ede7e
SHA1: 5f8723bc7e331960ac047c169f020d5d5448cc12
SHA256: 983c60c5a0fe10b28dab87e0198bf44fc2db030c6ad68d013b1f1310be4e2067
SHA512: 2b768025d6c59ecb2642a716eedb1d6c948fdc56da29175f6eec8c8ca7e845abdff5368f5d6b635dee8b70d395decda220012220f24ce94b1857a8a68fa109d1
Static task: static1
Behavioral task: behavioral1
Sample: Report..vbs
Resource: win7v20210410
Malware Config
Extracted
https://ia601409.us.archive.org/32/items/bypass1sd/bypass1sd.TXT
Extracted
https://ia601503.us.archive.org/32/items/Serverne/Serverne.txt
Extracted
netwire
185.19.85.172:1723
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: Report..vbs
Size: 2KB
NetWire RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext