General
Target: f9113f6d2278ec7997fd0a713b5a49f68338cc75fba323af3c8c5ce2d06f9bfa
Size: 603KB
Sample: 230129-x6jj6acc7s
MD5: 3e1d28eea4116b42f5e1ddb09d269fc4
SHA1: a9a0e4a7bc99de387567cade9b27e66e98ebc6f9
SHA256: f9113f6d2278ec7997fd0a713b5a49f68338cc75fba323af3c8c5ce2d06f9bfa
SHA512: 7397d83ee8b6126247e1c82e97f1b85f3b95ffb087b22247f310aff5ee49e0e2ba5b23dd410353b13c7a6acf1ed72f0ea5ac67eacfa7f8e24571a5f1c22fd552
SSDEEP: 12288:EXRS22ZRIax1vuWWyaTXjV6IMurq08xySQ6FaSqLvp1cDeD6lpRLFjXK9SDhB8pM:3GTXMiSmhq9srpWE6NvrVQrlBRJ3hOZL
Static task: static1
Behavioral task: behavioral1
  Sample: f9113f6d2278ec7997fd0a713b5a49f68338cc75fba323af3c8c5ce2d06f9bfa.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f9113f6d2278ec7997fd0a713b5a49f68338cc75fba323af3c8c5ce2d06f9bfa.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: netwire
  bambooo.dynu.net:8858
  activex_autorun: false
  copy_executable: false
  delete_original: false
  host_id: HostId-%Rand%
  keylogger_dir: %AppData%\Logs\
  lock_executable: false
  mutex: GAgoxrms
  offline_keylogger: true
  password: nesamone
  registry_autorun: false
  use_mutex: true
Targets
Target: f9113f6d2278ec7997fd0a713b5a49f68338cc75fba323af3c8c5ce2d06f9bfa
Size: 603KB
Score: 10/10
Signatures:
  - Modifies WinLogon for persistence
  - NetWire RAT payload
  - Drops startup file
  - Adds Run key to start application
  - Suspicious use of SetThreadContext