General
Target: 70308F16EC6AED9B2BB1DE2B95C954FC.vbs
Size: 2KB
Sample: 210623-c74ta8j8pa
MD5: 70308f16ec6aed9b2bb1de2b95c954fc
SHA1: 72650195a77260155859baa82f82f1b292e5ecff
SHA256: 699f259d3ca7ab69da25404cdcf081233a956203ea995dff657f8c2114dba50c
SHA512: 0bc476523ae086734f33c74db1ab6fc1e581818c985973e219120b40a950c51c6737e538e68f7bfd6e4b5258a6ce2a682356287af155ef549dae5e794c6ed162
Static task: static1
Behavioral task: behavioral1
Sample: 70308F16EC6AED9B2BB1DE2B95C954FC.vbs
Resource: win7v20210408
Malware Config
Extracted: https://ia601401.us.archive.org/25/items/bypass_obbv/bypass_obbv.TXT
Extracted: https://ia601505.us.archive.org/17/items/server-uybb/Server_uybb.txt
Extracted: netwire
185.19.85.172:1723
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: 70308F16EC6AED9B2BB1DE2B95C954FC.vbs
NetWire RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext