General
- Target: Bank details.exe
- Size: 702KB
- Sample: 210720-an5sb2zp9j
- MD5: 4e0ee2b83297b3b44acdce3e9a3a4d24
- SHA1: 616c863f53f9a9bc3507b14cb759c289fcf6eb5f
- SHA256: ef4fb21fec01aa193370b1ac7551aa759765b4e289f781b67d762e61335c7e41
- SHA512: d91bc09fa872fb6d6d337db39f980c6cee0d01186f73349c36f4bbee59c65bc1e919dfc3b505bc2458a0af84c068f488c93b74a209a593976f32fc92dabe1809
Static task: static1
Behavioral task: behavioral1
- Sample: Bank details.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: Bank details.exe
- Resource: win10v20210410
Malware Config
Extracted
netwire
warin.hopto.org:4320
- activex_autorun: false
- activex_key:
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- install_path:
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex:
- offline_keylogger: true
- password: Password
- registry_autorun: false
- startup_name:
- use_mutex: false
Targets
- Target: Bank details.exe
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- NetWire RAT payload
- Adds Run key to start application