General
-
Target
61f4eee481204d26bae3857dce44cd9580e8d5341277588ddeb5d501ed6d4611
-
Size
563KB
-
Sample
220217-czgrrshbgk
-
MD5
4b1cddc2697004488ee223a733f90aa4
-
SHA1
9b0e76fc5645e054cfb8c917d9709ebbaa2415ec
-
SHA256
61f4eee481204d26bae3857dce44cd9580e8d5341277588ddeb5d501ed6d4611
-
SHA512
3fbfc2a607f3f4229dac7782cf40234133b36d8c10a8ab1a4672658e1a5b346aa383d5c053f29208546c1e7162c7fb5f7fd81864f27e059d435fe9e3ac2f30fa
Static task
static1
Behavioral task
behavioral1
Sample
61f4eee481204d26bae3857dce44cd9580e8d5341277588ddeb5d501ed6d4611.exe
Resource
win7-en-20211208
Malware Config
Extracted
netwire
cctv-home.ddns.me:3360
cctv-home.serveftp.com:3360
-
activex_autorun
true
-
activex_key
{R5Q8L480-V2I5-AA1A-5GR0-RGV5X2101O0D}
-
copy_executable
true
-
delete_original
false
-
host_id
Money
-
install_path
%AppData%\Microcoft\operas.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
YwkrXNoi
-
offline_keylogger
true
-
password
dick
-
registry_autorun
true
-
startup_name
BrowsersPriv
-
use_mutex
true
Targets
-
-
Target
61f4eee481204d26bae3857dce44cd9580e8d5341277588ddeb5d501ed6d4611
-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-