General
-
Target
60d234d54c25dcef19a64ded3a587072
-
Size
160KB
-
Sample
210708-yag42b8zhx
-
MD5
60d234d54c25dcef19a64ded3a587072
-
SHA1
7209018f3e29225363f92f7e04e35ca7001dcf39
-
SHA256
4f10d7a2e964aa6c91e4b2da80fe82f8a566ca8a541592a4789b48f4dba11581
-
SHA512
a67d5a511809d0bbff7d8a327fc63e47713bb0928488028441f41dbbc75c5b759607af437b7617446e730debabc427aaf5f1b945c715e3e454d17811be921674
Behavioral task
behavioral1
Sample
60d234d54c25dcef19a64ded3a587072.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
60d234d54c25dcef19a64ded3a587072.exe
Resource
win10v20210408
Malware Config
Extracted
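Family: netwire
C2 endpoints (as extracted from the sample's embedded configuration):
127.0.0.1:3360 (loopback address; not usable as a network indicator)
66.42.43.177:443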
-
activex_autorun
false
-
activex_key
(no value shown)
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
C:\Windows\System32\spool\drivers\color
-
keylogger_dir
(no value shown)
-
lock_executable
false
-
mutex
(no value shown)
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
sysWOW32
-
use_mutex
false
Targets
-
-
Target
60d234d54c25dcef19a64ded3a587072
-
Size
160KB
-
MD5
60d234d54c25dcef19a64ded3a587072
-
SHA1
7209018f3e29225363f92f7e04e35ca7001dcf39
-
SHA256
4f10d7a2e964aa6c91e4b2da80fe82f8a566ca8a541592a4789b48f4dba11581
-
SHA512
a67d5a511809d0bbff7d8a327fc63e47713bb0928488028441f41dbbc75c5b759607af437b7617446e730debabc427aaf5f1b945c715e3e454d17811be921674
Score
10/10
-
Adds Run key to start application
-
Drops file in System32 directory
-