General
-
Target
789481741e0df019d839bf61181b5cdd085b2334123be58a4b64c12fa7bd6193
-
Size
87KB
-
Sample
220217-ar6d2sehd7
-
MD5
ce7caebbced9ba9421219da04b63f07b
-
SHA1
6c00b0424981171ba5011801bd7850d2a45a4139
-
SHA256
789481741e0df019d839bf61181b5cdd085b2334123be58a4b64c12fa7bd6193
-
SHA512
ddbe08316674a6c08a6f488fb5f33098351c5d8b2c93bd5c213764456e69241a0ea2eff48de4a19846083b42c4b7fd8656e4d40e29faf41b791ee0e128724433
Behavioral task
behavioral1
Sample
789481741e0df019d839bf61181b5cdd085b2334123be58a4b64c12fa7bd6193.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
789481741e0df019d839bf61181b5cdd085b2334123be58a4b64c12fa7bd6193.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Family: netwire
C2: 213.183.58.12:1555
-
activex_autorun
false
-
activex_key
-
copy_executable
true
-
delete_original
true
-
host_id
suchfamily
-
install_path
%Temp%\SKYPE.exe
-
keylogger_dir
%Temp%\Logs\
-
lock_executable
false
-
mutex
CBNlDpBK
-
offline_keylogger
true
-
password
Hkoco,~E$)
-
registry_autorun
true
-
startup_name
SKYPE
-
use_mutex
true
Targets
-
-
Target
789481741e0df019d839bf61181b5cdd085b2334123be58a4b64c12fa7bd6193
-
Size
87KB
-
MD5
ce7caebbced9ba9421219da04b63f07b
-
SHA1
6c00b0424981171ba5011801bd7850d2a45a4139
-
SHA256
789481741e0df019d839bf61181b5cdd085b2334123be58a4b64c12fa7bd6193
-
SHA512
ddbe08316674a6c08a6f488fb5f33098351c5d8b2c93bd5c213764456e69241a0ea2eff48de4a19846083b42c4b7fd8656e4d40e29faf41b791ee0e128724433
Score: 10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-