General
-
Target
b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082.bin
-
Size
256KB
-
Sample
210719-knzwljlzz2
-
MD5
3982c9643ff47aa981a446f679e332f8
-
SHA1
c9baff1bac6e99aa18a56532ed851c896cb5d5c9
-
SHA256
b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082
-
SHA512
c226600764a1f3e1fb57e96e1df966cb232f29b23aefabb7f189b6952f7e5a6c8b6a5442b29b4ff72d2b87c06a53c2ca7766e5f609d7450ac85e8211a7a6cf7f
Static task
static1
Behavioral task
behavioral1
Sample
b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082.bin.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082.bin.exe
Resource
win10v20210410
Malware Config
Extracted
netwire
chrisle79.ddns.net:4414
jacknop79.ddns.net:4414
smath79.ddns.net:4414
whatis79.ddns.net:4414
goodgt79.ddns.net:4414
bonding79.ddns.net:4414
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
June 2021
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
Password2$
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082.bin
-
Size
256KB
-
MD5
3982c9643ff47aa981a446f679e332f8
-
SHA1
c9baff1bac6e99aa18a56532ed851c896cb5d5c9
-
SHA256
b58c2b3f5f6fdae85220cd053a163ba7b6e2de2f85f3b6fde2ad52528f598082
-
SHA512
c226600764a1f3e1fb57e96e1df966cb232f29b23aefabb7f189b6952f7e5a6c8b6a5442b29b4ff72d2b87c06a53c2ca7766e5f609d7450ac85e8211a7a6cf7f
Score10/10-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-