General
- Target: Document.exe
- Size: 865KB
- Sample: 210805-hk9a1dzeke
- MD5: 70c228aa3c939bf9a489cec192c9fc62
- SHA1: 5e53c899c75bcdcb35736789ae6fa19fdcac308e
- SHA256: fcce8faff23defa0d6e979846a2e6c998e7eaa4a8683837db7ddf9a7a2bde078
- SHA512: 4f5cc44b69b2fb176d91375842a1865780e6d4fed298044ba8805a57fff79f69a9ee22185bbdd2a3a149b01dd15a83a1df160c7052872fda0c515af69d3982fb
Static task
- static1
Behavioral task
- behavioral1: Sample Document.exe, Resource win7v20210410
Behavioral task
- behavioral2: Sample Document.exe, Resource win10v20210410
Malware Config
Extracted: netwire
- activex_autorun: false
- activex_key:
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- install_path:
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex:
- offline_keylogger: true
- password: 5056
- registry_autorun: false
- startup_name:
- use_mutex: false
Targets
- Target: Document.exe
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- NetWire RAT payload
- Adds Run key to start application