General
-
Target
52ebeec6271770d72e3f2ed73535cd4a9b4d614e8877bd52a777b5f23d492869
-
Size
89KB
-
Sample
220717-bv46tsbdcn
-
MD5
60ac7ad7eccc1cdc8e2fcd21cf42e068
-
SHA1
0d1b45bcbdbd9699bde81e984edbac26e6e39b11
-
SHA256
52ebeec6271770d72e3f2ed73535cd4a9b4d614e8877bd52a777b5f23d492869
-
SHA512
4cf4816f4587910e5541da1eb2bfc90d8281e7c11339a9708c692d7124f70b65f1fb714ff3e7e8ecb3e3cb10817a9080f313f31034c6b756f7589afbbc4a85ba
Behavioral task
behavioral1
Sample
52ebeec6271770d72e3f2ed73535cd4a9b4d614e8877bd52a777b5f23d492869.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
52ebeec6271770d72e3f2ed73535cd4a9b4d614e8877bd52a777b5f23d492869.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family: netwire
C2 endpoints (host:port):
178.32.72.136:3361
193.124.117.153:3360
-
activex_autorun
true
-
activex_key
{UL0J35EK-4812-5A22-5827-J02V07OJ0H4J}
-
copy_executable
true
-
delete_original
true
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Skype.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
mutex
TptENIRd
-
offline_keylogger
true
-
password
ebefob44
-
registry_autorun
true
-
startup_name
Skype
-
use_mutex
true
Targets
-
-
Target
52ebeec6271770d72e3f2ed73535cd4a9b4d614e8877bd52a777b5f23d492869
-
Size
89KB
-
MD5
60ac7ad7eccc1cdc8e2fcd21cf42e068
-
SHA1
0d1b45bcbdbd9699bde81e984edbac26e6e39b11
-
SHA256
52ebeec6271770d72e3f2ed73535cd4a9b4d614e8877bd52a777b5f23d492869
-
SHA512
4cf4816f4587910e5541da1eb2bfc90d8281e7c11339a9708c692d7124f70b65f1fb714ff3e7e8ecb3e3cb10817a9080f313f31034c6b756f7589afbbc4a85ba
Score: 10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
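Modifies Installed Components in the registry (Active Setup persistence; consistent with activex_autorun and activex_key in the extracted config)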
-
Deletes itself
-
Loads dropped DLL
-
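Adds Run key to start application (consistent with registry_autorun and startup_name "Skype" in the extracted config; the entry borrows the Skype name, so verify it by file path and hash rather than by name)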
-