General
-
Target
1348-66-0x0000000000400000-0x0000000000433000-memory.dmp
-
Size
204KB
-
Sample
220704-kcww6sfffj
-
MD5
2a000eaaaba9201ad4e814754432053c
-
SHA1
8d910d0e7b8b8fe6c8cfc679dd82f58d883df3a5
-
SHA256
f1adb68f5f61b109de25bd2dbc151ce6ba6e3b4cdd67112c6a7d9b713b1c2bf5
-
SHA512
c49fc6eded3e1779c629482e05ea946e6c2ba816826db1d2afc8aec460105c9a91cede9cd02e5f780f39d77f28ee49bdb9e9b738519d3c6f8dfceb91c05145f6
Behavioral task
behavioral1
Sample
1348-66-0x0000000000400000-0x0000000000433000-memory.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1348-66-0x0000000000400000-0x0000000000433000-memory.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family
netwire
-
C2
185.140.53.139:3367
185.140.53.139:3368
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Telkomsa@1
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
1348-66-0x0000000000400000-0x0000000000433000-memory.dmp
-
Size
204KB
-
MD5
2a000eaaaba9201ad4e814754432053c
-
SHA1
8d910d0e7b8b8fe6c8cfc679dd82f58d883df3a5
-
SHA256
f1adb68f5f61b109de25bd2dbc151ce6ba6e3b4cdd67112c6a7d9b713b1c2bf5
-
SHA512
c49fc6eded3e1779c629482e05ea946e6c2ba816826db1d2afc8aec460105c9a91cede9cd02e5f780f39d77f28ee49bdb9e9b738519d3c6f8dfceb91c05145f6
Score
3/10
-