General
- Target: Details_File_Copy.cab
- Size: 478KB
- Sample: 210930-vv5xxaabh9
- MD5: 5bad449ab20c14bd008b1d1c86b81a1c
- SHA1: 95b367245d4c16ae5dd79fd017f8518adbc0eaa9
- SHA256: aee76315f0e7c2b898a7a187e7b7f4f7b454d474f82227acd6d97ddd92ce50cf
- SHA512: f6d54db8fe14286889281be48841d924ea0fa79886c88388ddc51c50cb2b2695148fb9d99c6e09138e901a5b4ddff65f88e765f3cd713dbf80aabb5e5dff793c

Static task: static1

Behavioral task: behavioral1
- Sample: Rydpgfedijfrhoakhqtcjqisumduwxfmob.exe
- Resource: win7v20210408

Malware Config
Extracted: netwire
- C2 hosts:
  213.152.162.181:5133
  184.75.221.171:5133
  199.249.230.27:5133
  185.103.96.143:5133
  185.104.184.43:5133
- activex_autorun: false
- activex_key:
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- install_path:
- keylogger_dir:
- lock_executable: true
- mutex: SeDCqQtm
- offline_keylogger: false
- password: Password
- registry_autorun: false
- startup_name:
- use_mutex: true

Targets
- Target: Rydpgfedijfrhoakhqtcjqisumduwxfmob.exe
- Size: 901KB
- MD5: 4ce09ea5a6a283048005cabca2955c0e
- SHA1: 19e45ffb02a59bc111e22e7accb9140d364f7821
- SHA256: 0930c77f216e3647b652770d81a3e83b2fe738477ca3373e0470f4fc7dba9e24
- SHA512: 5bcd5e81defe5c6127940009d3fe3f1d7ec1e6929cf4a09cb1bd54cb5f6e5b0fbfdddc1506960157d1c1f818c3669c725e7f1ff093f4b10a2bd1a5b847cda4bc
- NetWire RAT payload
- Adds Run key to start application
- Drops file in System32 directory