General
- Target: Attachment.iso
- Size: 1.4MB
- Sample: 210910-frz5xshcg7
- MD5: 88df419370728e448246ddadcc3af10a
- SHA1: 1a1f8be5d6cd729a8f772974d5ed3fcfe9fdd9c8
- SHA256: 58f19417d4b09fc86cde2639d72505363745ad714988ad9cae0bca63f4f31108
- SHA512: 4c5eb53b870a7ed509da2e9d5f334e50da2ef4e2f24aa0aa52344a9a3be5cde32b08968e75657b9b6a243b74f2fc540eeec47bfc87c5451c8f0807689986b8e6
Static task
- static1

Behavioral task
- behavioral1
  - Sample: ATTACHME.EXE
  - Resource: win7v20210408

Behavioral task
- behavioral2
  - Sample: ATTACHME.EXE
  - Resource: win10-en
Malware Config
Extracted
- Family: netwire
- C2:
  - sinzu1.ddns.net:6655
  - sinzu2.ddns.net:6655
  - sinzu3.ddns.net:6655
  - sinzu4.ddns.net:6655
  - sinzu5.ddns.net:6655
  - sinzu6.ddns.net:6655
  - sinzu7.ddns.net:6655
- activex_autorun: false
- activex_key:
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- install_path:
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex:
- offline_keylogger: true
- password: 1234
- registry_autorun: false
- startup_name:
- use_mutex: false
Targets
- Target: ATTACHME.EXE
- Size: 844KB
- MD5: ee4abfe6a451eb5dc7adb5ec8811b7ff
- SHA1: 6bb1f7c0403bb4b806819b168618f15579232805
- SHA256: 8143a5d0347139eadfdd5d38ceaf661057603f9245c70116f31b85fb07de02aa
- SHA512: e8c7c52a7804953f67f2aae091c6e2c47d6297ea685965aa414a98c819247bbc6af494f05da7939b7246c2a00e263d8d5b0263e3eb28f87c9c3693cb99b5ca6b
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- NetWire RAT payload
- Adds Run key to start application