General
-
Target
df450053a3624d5a3ec698bbd0f36c73
-
Size
312KB
-
Sample
230321-ggyd1sgh87
-
MD5
df450053a3624d5a3ec698bbd0f36c73
-
SHA1
0b47abd8fafd93e3a511bccd02022e7ab970c267
-
SHA256
77d866ee2219b110e1999464f0d0c4913f4ad1d2b8dd4e2ca456da22cc18b9f2
-
SHA512
5ec462faf27b7dcd11eea2152d7c5d335024e596ebe1d7afb492897091f3262fb3e6be6df6e84966c0086c8596dd8d10e1bd230cad393778f940e8b6af6ccce9
-
SSDEEP
6144:WYa6AP1e4pG5Jy8Li7b/xxulxRv+lmIi7GMff56pw:WYqJQ5Jy8wklxROmT7GMIpw
Static task
static1
Behavioral task
behavioral1
Sample
df450053a3624d5a3ec698bbd0f36c73.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
df450053a3624d5a3ec698bbd0f36c73.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
netwire
braboz.duckdns.org:1992
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
prosession
-
lock_executable
false
-
offline_keylogger
false
-
password
golddigger
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
df450053a3624d5a3ec698bbd0f36c73
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-