General
-
Target
jdks.exe
-
Size
3.3MB
-
Sample
230209-mf6xnaga9t
-
MD5
1ab9fdceab1dc5b1e1f13c24a98fdb93
-
SHA1
890fa430810fecdb9d782959ca3d59be2bed25f6
-
SHA256
6d7d8799da7b16c8422dc43558d3df61030443b8a5532947159d7f45a66023ba
-
SHA512
ee885aba3a94e39e0d3494a58f82bd89d080777d41abd21c97b8d19cdb29133e7c2302b5981211a26406519d8ed370ba80f2613100db7cf9c2bd1f1037857565
-
SSDEEP
49152:lFAZOskMJnefYZ3AXGIrShvBTA1CkYp3NJ9:6ONuUI8GbvBTA1ypr
Static task
static1
Malware Config
Extracted
Family
netwire
-
C2
asorock0011.ddns.net:5389
wcbradley.duckdns.org:5389
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
LAST CRYPT 0918
-
install_path
%AppData%\Install\jdks.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
mutex
FWbuMAeG
-
offline_keylogger
true
-
password
teamoluwa1
-
registry_autorun
true
-
startup_name
oskd
-
use_mutex
true
Targets
-
-
Target
jdks.exe
-
Size
3.3MB
-
MD5
1ab9fdceab1dc5b1e1f13c24a98fdb93
-
SHA1
890fa430810fecdb9d782959ca3d59be2bed25f6
-
SHA256
6d7d8799da7b16c8422dc43558d3df61030443b8a5532947159d7f45a66023ba
-
SHA512
ee885aba3a94e39e0d3494a58f82bd89d080777d41abd21c97b8d19cdb29133e7c2302b5981211a26406519d8ed370ba80f2613100db7cf9c2bd1f1037857565
-
SSDEEP
49152:lFAZOskMJnefYZ3AXGIrShvBTA1CkYp3NJ9:6ONuUI8GbvBTA1ypr
-
NetWire RAT payload
-
Executes dropped EXE
-