General

  • Target

    62387f4d55f15ea72c8d7f5d2ab1bd4029d895fe3f22d95980291b2595a658e6

  • Size

    88KB

  • Sample

    220217-cx76yahber

  • MD5

    4546bd435f34559a7722e4e21834dab8

  • SHA1

    8eb91482585aae5a333101125836439c49eb39b1

  • SHA256

    62387f4d55f15ea72c8d7f5d2ab1bd4029d895fe3f22d95980291b2595a658e6

  • SHA512

    d6b6f1f66f266d2bd3abb26d8cac12cbe378e74c2dbc168312e4333dde867b1a6eb3189ccea3c2b4c71258f8062bd8b8311b09f341e1db52cf8be04108553fc3

Score
10/10

Malware Config

Extracted

  • Family

    netwire

  • C2

    go0gle.duckdns.org:4000

    update.privatizehealthinsurance.net:4000

    service.cable-modem.org:4000

Attributes
  • activex_autorun

    false

  • activex_key

  • copy_executable

    false

  • delete_original

    false

  • host_id

    JAH JEHOVA EMMA

  • install_path

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    true

  • mutex

    ozowarac

  • offline_keylogger

    true

  • password

    Password

  • registry_autorun

    false

  • startup_name

  • use_mutex

    true
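
The extracted configuration above gives a small set of host-observable indicators: the three C2 hostnames on TCP/4000, the mutex name, and the keylogger output directory. The following script is an added example, not part of the sandbox report, showing how to turn those values into detection logic and run it over log lines. The indicator values are taken from the report; the log line formats (a `dst=host:port` connection record, an `event=mutex_create`/`event=file_create` EDR record) are constructed for the example and are assumptions, as is the expansion of `%AppData%` to `\AppData\Roaming` on the victim host.

```python
"""Scan line-oriented host/network logs for the indicators in the NetWire
config extracted above.

Added example (not code from the sandbox report): the IOC values come from
the report; the log line formats below are constructed for the example and
are assumptions, not any real sensor's output.
"""
import re
from collections import Counter

# Indicators taken from the extracted config.
C2_HOSTS = {
    "go0gle.duckdns.org",
    "update.privatizehealthinsurance.net",
    "service.cable-modem.org",
}
C2_PORT = 4000
MUTEX = "ozowarac"

# keylogger_dir is %AppData%\Logs\. %AppData% normally expands to
# C:\Users\<user>\AppData\Roaming (assumption about the victim environment;
# adjust if the profile directory is redirected).
KEYLOG_DIR_RE = re.compile(r"\\AppData\\Roaming\\Logs\\", re.IGNORECASE)

HOST_RE = re.compile(
    r"\b(" + "|".join(re.escape(h) for h in sorted(C2_HOSTS)) + r")\b",
    re.IGNORECASE,
)
# Constructed connection-record format: "dst=<host>:<port>".
DEST_RE = re.compile(r"dst=(?P<host>[^\s:]+):(?P<port>\d+)")
MUTEX_RE = re.compile(r"mutex=" + re.escape(MUTEX) + r"\b", re.IGNORECASE)


def classify(line):
    """Return the set of indicator tags that fire on one log line."""
    tags = set()
    # Any mention of a C2 hostname (DNS query, proxy log, connection record).
    if HOST_RE.search(line):
        tags.add("c2_host")
    # Stronger: a connection to a C2 host on the configured port. Port 4000
    # alone is not an indicator, so it is only checked together with the host.
    m = DEST_RE.search(line)
    if m and int(m.group("port")) == C2_PORT and m.group("host").lower() in C2_HOSTS:
        tags.add("c2_host_port")
    if MUTEX_RE.search(line):
        tags.add("mutex")
    if KEYLOG_DIR_RE.search(line):
        tags.add("keylogger_dir")
    return tags


def scan(lines):
    """Scan an iterable of log lines; return (hits, per-tag counts).

    hits is a list of (line_number, sorted_tags, line) for lines that matched.
    """
    hits = []
    counts = Counter()
    for n, line in enumerate(lines, 1):
        tags = classify(line)
        if tags:
            hits.append((n, sorted(tags), line.strip()))
            counts.update(tags)
    return hits, counts


# Constructed sample log (not real telemetry). Raw string so the Windows
# backslashes are kept literally.
SAMPLE_LOG = r"""
2022-02-17T10:03:11Z dns query src=10.0.0.15 qname=go0gle.duckdns.org qtype=A
2022-02-17T10:03:12Z conn src=10.0.0.15:49812 dst=go0gle.duckdns.org:4000 proto=tcp
2022-02-17T10:03:12Z conn src=10.0.0.15:49813 dst=update.microsoft.com:443 proto=tcp
2022-02-17T10:03:13Z edr event=mutex_create pid=4120 mutex=ozowarac
2022-02-17T10:04:30Z edr event=file_create pid=4120 path=C:\Users\alice\AppData\Roaming\Logs\2022-02-17.txt
2022-02-17T10:04:31Z edr event=file_create pid=1337 path=C:\Users\alice\Documents\notes.txt
""".strip()


if __name__ == "__main__":
    found, totals = scan(SAMPLE_LOG.splitlines())
    for number, tags, text in found:
        print(f"line {number}: {','.join(tags)}: {text}")
    print(dict(totals))
```

On the constructed sample the DNS query line fires `c2_host` only, the connection record fires both `c2_host` and `c2_host_port`, and the EDR records fire `mutex` and `keylogger_dir` respectively; the two benign lines match nothing. Because `registry_autorun`, `copy_executable` and `delete_original` are all `false` in this config, there is no persistence path or startup name to key on, which is why the mutex and the keylogger directory carry most of the host-side weight here.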

Targets

    • Target

      62387f4d55f15ea72c8d7f5d2ab1bd4029d895fe3f22d95980291b2595a658e6

    • Size

      88KB

    • MD5

      4546bd435f34559a7722e4e21834dab8

    • SHA1

      8eb91482585aae5a333101125836439c49eb39b1

    • SHA256

      62387f4d55f15ea72c8d7f5d2ab1bd4029d895fe3f22d95980291b2595a658e6

    • SHA512

      d6b6f1f66f266d2bd3abb26d8cac12cbe378e74c2dbc168312e4333dde867b1a6eb3189ccea3c2b4c71258f8062bd8b8311b09f341e1db52cf8be04108553fc3

    Score
    4/10

MITRE ATT&CK Enterprise v6

Tasks