General
-
Target
c059dfda68d9ab9c21b54b802eb8fdc4e5f3b499620379e2467078370a500aea
-
Size
105KB
-
Sample
221209-xgbg9agg2w
-
MD5
db7d832ece7c66eb1147db32e8298b0c
-
SHA1
ace6801936538f5341dfec3bacfeed8e30bd9b4e
-
SHA256
c059dfda68d9ab9c21b54b802eb8fdc4e5f3b499620379e2467078370a500aea
-
SHA512
4d400ad41379b7a2800f3d1333a7cab3b2b9238d0af78be28a3df36ab61ac5330e505edeba736a4360d00bb89747fb0e80c15c23d487094f80a35d6be1366b38
-
SSDEEP
1536:6HYTkXzJ45QOfQtOpVUxgYQgDIIdokdk7RXewOTC1lhwsdEoHP3Y6gfQDJkwYQ:6HY4TcQ3+YQg8AkrNwsSoHNCukwYQ
Behavioral task
behavioral1
Sample
c059dfda68d9ab9c21b54b802eb8fdc4e5f3b499620379e2467078370a500aea.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
c059dfda68d9ab9c21b54b802eb8fdc4e5f3b499620379e2467078370a500aea.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
netwire
hostmicrosoft.duckdns.org:1996
-
activex_autorun
true
-
activex_key
{78Y153SD-S45G-2EF2-31U2-2SK26VT26X3Y}
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
system
-
use_mutex
false
Targets
-
Target
c059dfda68d9ab9c21b54b802eb8fdc4e5f3b499620379e2467078370a500aea
-
Score
10/10
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-