General
Target: 4.vbs
Size: 2KB
Sample: 210702-zzlw9dcdhs
MD5: 7eb0c3e8d56bd16f621cf7cb7b28043c
SHA1: 906d0a06d1274c9e1805ccffa9119f1ddfc9bac9
SHA256: 423927640b464a7d3ecbe5e923f42f0808f38f35bf47c3134ef5bf4581821b98
SHA512: 3071cfaabcf59ccde2e036a16ccf01a422f551fbb7144e33a4eb7b2f845a5522a3ef9720bb2670b718f968c1bbe044fe99893dabf1cad753b6cc94e379e59646
Static task: static1
Behavioral task: behavioral1
Sample: 4.vbs
Resource: win7v20210410
Malware Config
Extracted
https://ia601409.us.archive.org/32/items/bypass1sd/bypass1sd.TXT
Extracted
https://ia601503.us.archive.org/32/items/Serverne/Serverne.txt
Extracted
netwire
185.19.85.172:1723
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: 4.vbs
NetWire RAT payload
Blocklisted process makes network request
Suspicious use of SetThreadContext