General
-
Target
63c0153b2deff5a9286db1bbf41c327d55e4afeb938472b04f5f2e5367a1418f
-
Size
87KB
-
Sample
220217-csy3gafhf5
-
MD5
588321542b59af4a4c9d48b3b06f8224
-
SHA1
48428a910af44c2997c1dfd5258f8b4c40a102f5
-
SHA256
63c0153b2deff5a9286db1bbf41c327d55e4afeb938472b04f5f2e5367a1418f
-
SHA512
b2dc558c2803dbda420010790d8e1a5373a0e02db7eeeac8f679116ab24f388d9323ae0d4f53cac1507dbe353a4456c931f5056c27764e78bee7c1cbf645ae7e
Behavioral task
behavioral1
Sample
63c0153b2deff5a9286db1bbf41c327d55e4afeb938472b04f5f2e5367a1418f.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
63c0153b2deff5a9286db1bbf41c327d55e4afeb938472b04f5f2e5367a1418f.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
Family: netwire
C2: virginmilo.ddns.net:6111
C2: 174.127.99.186:1288
-
activex_autorun
false
-
activex_key
(no value shown)
-
copy_executable
true
-
delete_original
false
-
host_id
CHARLES
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
UmcuQVvf
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
System32
-
use_mutex
true
Targets
-
-
Target
63c0153b2deff5a9286db1bbf41c327d55e4afeb938472b04f5f2e5367a1418f
-
Size
87KB
-
MD5
588321542b59af4a4c9d48b3b06f8224
-
SHA1
48428a910af44c2997c1dfd5258f8b4c40a102f5
-
SHA256
63c0153b2deff5a9286db1bbf41c327d55e4afeb938472b04f5f2e5367a1418f
-
SHA512
b2dc558c2803dbda420010790d8e1a5373a0e02db7eeeac8f679116ab24f388d9323ae0d4f53cac1507dbe353a4456c931f5056c27764e78bee7c1cbf645ae7e
Score: 10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-