General
- Target: cb05257018c4a1b95845ec2a3e595878.exe
- Size: 769KB
- Sample: 221101-wlv7saehaj
- MD5: cb05257018c4a1b95845ec2a3e595878
- SHA1: 94348a7a26c0414b9f58225aba75b64697dd5f86
- SHA256: dcac7c0a08250b164343c102ef9d863a49c44343c6ce3e0cd1197cb7e3198937
- SHA512: e3bd091e5c3a8798013d55a28016497eec635f32d17583f18b18730d6182fa4cce8f72e1bc78a10315908851c20ba5e3ac0b81dc7f0c0f8fb28e11b7ceb0f4d2
- SSDEEP: 12288:hCUL5e5qQvVHmVo+R0OXL4r70eYt8JyynITtsUXyvxwUxLfHazzJrN:s45INvVGVoU0OXLPxMyyIuVPB
Static task: static1
Behavioral task: behavioral1
- Sample: cb05257018c4a1b95845ec2a3e595878.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: cb05257018c4a1b95845ec2a3e595878.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted: netwire
- C2: blazeblaze.ddns.net:3535
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: DATA
- keylogger_dir: C:\Users\Admin\AppData\Roaming\Logs\
- lock_executable: false
- offline_keylogger: true
- password: Password
- registry_autorun: false
- use_mutex: false
Targets
- Target: cb05257018c4a1b95845ec2a3e595878.exe
- Size: 769KB
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- NetWire RAT payload
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext