General
-
Target
631b798761b94ea5e6b65261a2c8ffc727375731d85f0fe457d03c98e3908772
-
Size
88KB
-
Sample
220217-cvw1wshbck
-
MD5
e63eeefa00cece8dedd70ebe4b5e239b
-
SHA1
9545e019060112ef517ae88186c20bfab41d4bd7
-
SHA256
631b798761b94ea5e6b65261a2c8ffc727375731d85f0fe457d03c98e3908772
-
SHA512
138f4bd7e9fd6b4dedf377333c373c6f69c20e5dacab8baa190965eaf7a9ecd6aabac6d8699d72063f8340646dc0598e812b0d83fd1c9d488cbd12c9ceb26d3f
Behavioral task
behavioral1
Sample
631b798761b94ea5e6b65261a2c8ffc727375731d85f0fe457d03c98e3908772.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
631b798761b94ea5e6b65261a2c8ffc727375731d85f0fe457d03c98e3908772.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
netwire
mafian222.myftp.org:1999
mafianclub222.dynu.com:1999
-
activex_autorun
true
-
activex_key
{1JJ08038-W8W8-O76K-FM5S-DSQNUFS0N462}
-
copy_executable
true
-
delete_original
true
-
host_id
RECHENA
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
NetWire
-
use_mutex
false
Targets
-
-
Target
631b798761b94ea5e6b65261a2c8ffc727375731d85f0fe457d03c98e3908772
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-