Behavioral task: behavioral1
Sample: 60d234d54c25dcef19a64ded3a587072.exe
Resource: win7v20210410 windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: 60d234d54c25dcef19a64ded3a587072.exe
Resource: win10v20210408 windows10_x64
0 signatures
0 seconds

General
Target: 60d234d54c25dcef19a64ded3a587072
Size: 160KB
MD5: 60d234d54c25dcef19a64ded3a587072
SHA1: 7209018f3e29225363f92f7e04e35ca7001dcf39
SHA256: 4f10d7a2e964aa6c91e4b2da80fe82f8a566ca8a541592a4789b48f4dba11581
SHA512: a67d5a511809d0bbff7d8a327fc63e47713bb0928488028441f41dbbc75c5b759607af437b7617446e730debabc427aaf5f1b945c715e3e454d17811be921674

Malware Config
Extracted
Family: netwire
C2: 127.0.0.1:3360, 66.42.43.177:443
Attributes
activex_autorun: false
activex_key:
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: C:\Windows\System32\spool\drivers\color
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: Password
registry_autorun: true
startup_name: sysWOW32
use_mutex: false
Signatures
Files
60d234d54c25dcef19a64ded3a587072.exe windows x86