General
-
Target
87ae17f03b47f54fd9f2a3cf9f3e1e4d5cdfa6592bec4a05214c30756599a3ef
-
Size
88KB
-
Sample
220216-3z9ewsfghn
-
MD5
d9a34da9ef264b55ca886d1ff71867ea
-
SHA1
ec21b596eb0d2529a8bf58fa36c7a5fd7dd1258b
-
SHA256
87ae17f03b47f54fd9f2a3cf9f3e1e4d5cdfa6592bec4a05214c30756599a3ef
-
SHA512
1a52ebf5e7ed3b9206855ac2474a8f7301b7a23db8bd5c13b96642f0a3cdd63e5acadb6231ae9f2c5610f1d2d650210bc12dbb15d96d39176f57c22c13ed711a
Behavioral task
behavioral1
Sample
87ae17f03b47f54fd9f2a3cf9f3e1e4d5cdfa6592bec4a05214c30756599a3ef.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
87ae17f03b47f54fd9f2a3cf9f3e1e4d5cdfa6592bec4a05214c30756599a3ef.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
netwire
185.84.181.89:1199
-
activex_autorun
true
-
activex_key
{FDOO1AM2-V7NF-W6I5-46BR-T50KH2K5T0T6}
-
copy_executable
true
-
delete_original
false
-
host_id
Chichi
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
mutex
BptiRohx
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
NetWire
-
use_mutex
true
Targets
Target
87ae17f03b47f54fd9f2a3cf9f3e1e4d5cdfa6592bec4a05214c30756599a3ef
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-