General

Target: 05b79797cfb2371b3ac1140f0ef096c247098320da81f83508b14ac92b565a35
Size: 213KB
Sample: 220217-jb7rlsbgck
MD5: cbe6f7b8ba34b4d382487a8ca97a50a5
SHA1: dd6a98c25d6c6cef9570bb8cee0ac0d89cfbf6e7
SHA256: 05b79797cfb2371b3ac1140f0ef096c247098320da81f83508b14ac92b565a35
SHA512: 921f8d04c8b7a5fba7ddda3197e77aa19413364d3013e59a0171c8895fa9eb9177eccbd17992f09eca1f06c2e975a6f27e30ba498894fbfddbb7e308bd7be84e
Behavioral task: behavioral1

Sample: 05b79797cfb2371b3ac1140f0ef096c247098320da81f83508b14ac92b565a35.exe
Resource: win7-en-20211208
Malware Config

Extracted: netwire
needforrat.hopto.org:7777
96.47.228.213:3360

activex_autorun: true
activex_key: {VRVQ00BP-0QES-U71M-FL27-Y437O77F8483}
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: true
mutex: vrnshrgM
offline_keylogger: true
password: Password
registry_autorun: true
startup_name: NetWire
use_mutex: true
Targets

Target: 05b79797cfb2371b3ac1140f0ef096c247098320da81f83508b14ac92b565a35
Size: 213KB
MD5: cbe6f7b8ba34b4d382487a8ca97a50a5
SHA1: dd6a98c25d6c6cef9570bb8cee0ac0d89cfbf6e7
SHA256: 05b79797cfb2371b3ac1140f0ef096c247098320da81f83508b14ac92b565a35
SHA512: 921f8d04c8b7a5fba7ddda3197e77aa19413364d3013e59a0171c8895fa9eb9177eccbd17992f09eca1f06c2e975a6f27e30ba498894fbfddbb7e308bd7be84e
- Modifies system executable filetype association
- Neshta
  Malware from the Neshta family is designed to infect other executable files in order to spread and cause damage.
- NetWire RAT payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Adds Run key to start application