General

Target: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319.bin
Size: 403KB
Sample: 210719-fajl6hrche
MD5: 593a29ce11dbd3aa281d170d43f372b1
SHA1: 43e73ff7d4c8143b382dee318a50c4e9d8c5c77c
SHA256: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319
SHA512: 944c7a12b312cfde56ed3c08d424ff12cc3eb0038ac7e7f0554e560b56d13ba8de74a479a98b3b608ba8b6cd8ec733a9adda6e3c9ee21065b6ef288f84c693bb

Static task: static1

Behavioral task: behavioral1
Sample: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319.bin.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319.bin.exe
Resource: win10v20210410
Malware Config

Extracted: netwire
    chrisle79.ddns.net:4414
    jacknop79.ddns.net:4414
    smath79.ddns.net:4414
    whatis79.ddns.net:4414
    goodgt79.ddns.net:4414
    bonding79.ddns.net:4414

activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: June 2021
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password2$
registry_autorun: false
startup_name:
use_mutex: false
Targets

Target: 6d13bcbb45eb4aaf00e63c46f6f393d879a1024be898f95d09c9d50647e76319.bin
Score: 10/10

Signatures:
    Modifies WinLogon for persistence
    NetWire RAT payload
    Suspicious use of SetThreadContext