General
-
Target
0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99.bin
-
Size
234KB
-
Sample
210719-syca9ajnzx
-
MD5
2ed143538f8503893e119b893b342a17
-
SHA1
75860e5635ac8410e25a24086ac5f4cd50d1a84e
-
SHA256
0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99
-
SHA512
d8d2204965dfb33054cdd9f9e4a2b06bed48b3994716888c52b2d8ce43f7285f467f8c2c2b09e42c4f0736179cf0416ede69b5b1c65f9652a5f87a854d5bdead
Malware Config
Extracted
netwire
chrisle79.ddns.net:4414
jacknop79.ddns.net:4414
smath79.ddns.net:4414
whatis79.ddns.net:4414
goodgt79.ddns.net:4414
bonding79.ddns.net:4414
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
June 2021
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
Password2$
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99.bin
-
Size
234KB
-
MD5
2ed143538f8503893e119b893b342a17
-
SHA1
75860e5635ac8410e25a24086ac5f4cd50d1a84e
-
SHA256
0d4b60f5103dfeca4fbbcfd4578392f5f509637479c71afdcc52ddfc7655bb99
-
SHA512
d8d2204965dfb33054cdd9f9e4a2b06bed48b3994716888c52b2d8ce43f7285f467f8c2c2b09e42c4f0736179cf0416ede69b5b1c65f9652a5f87a854d5bdead
Score10/10-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of SetThreadContext
-