General
-
Target
AttachedWaybill.exe
-
Size
574KB
-
Sample
210723-j2rfffv3ax
-
MD5
33f9d631a4adcd4c64fe639352c5f76b
-
SHA1
8828f41d318315eb05818fce4499bffa31657160
-
SHA256
82e96593173c1407d138cca5418a00b0f5cd9960b32d8f03052eca9b33e68b44
-
SHA512
58818cd5e1d55a4a610bb9836501a6d89fb04209b4275420bc96433af1484c0573bf1851b561779144642dd178152ca871841988864de099334ebe0372d83339
Malware Config
Extracted
netwire
nbg.myvnc.com:6655
nbg1.myvnc.com:6655
myb25.camdvr.org:6655
nbg2.myvnc.com:6655
myb27.camdvr.org:6655
nerdmusic.freeddns.org:6655
SUNWAP1.ooguy.com:6655
mynw1.hopto.org:6655
myb24.camdvr.org:6655
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
COVID-19
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
1234
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
AttachedWaybill.exe
-
Size
574KB
-
MD5
33f9d631a4adcd4c64fe639352c5f76b
-
SHA1
8828f41d318315eb05818fce4499bffa31657160
-
SHA256
82e96593173c1407d138cca5418a00b0f5cd9960b32d8f03052eca9b33e68b44
-
SHA512
58818cd5e1d55a4a610bb9836501a6d89fb04209b4275420bc96433af1484c0573bf1851b561779144642dd178152ca871841988864de099334ebe0372d83339
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Adds Run key to start application
-