General
Target: Report.vbs
Size: 1KB
Sample: 210625-tmm5v8318e
MD5: 22f664c3e1c19b865c64920ed8c9ff46
SHA1: 187a8eab92dad78c194303b2039feefc58c625d0
SHA256: 3f2520949a57c9b6342f6e6a3f13f56c124bddcd576d3a652aa237b6913e3b4f
SHA512: ece857fcc1e1d487554451843761cdb65d11c6d8a5e26e53835a2abc0525082342eb9bcc1c3a1efc789258b88931c0d2d8e45ae5a29d33202fe7c21723a1136d
Static task: static1
Behavioral task: behavioral1
Sample: Report.vbs
Resource: win7v20210408
Malware Config
Extracted: https://ia601406.us.archive.org/20/items/all-jjnb/ALL_jjnb.txt
Extracted: netwire
185.19.85.172:1723
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: Report.vbs
- NetWire RAT payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext