General
-
Target
NetWire.exe
-
Size
1.2MB
-
Sample
240205-g1clnacdb5
-
MD5
7621f79a7f66c25ad6c636d5248abeb9
-
SHA1
98304e41f82c3aee82213a286abdee9abf79bcce
-
SHA256
086d35f26bd2fd886e99744960b394d94e74133c40145a3e2bc6b3877b91ec5d
-
SHA512
59ffcf6eeac00c089e9c77192663d0dc97b2e62cedb6d64fe7dc2e67499abc34e33977e05113c9d39ca6d3e37e8b5c3e6aa926c8526215808b147c0152f7dbfd
-
SSDEEP
24576:nBlDgE7EmXWAqSvg439vGSVNe1/hqIiHSvd7:n7DlC+GSjiBiyF
Behavioral task
behavioral1
Sample
NetWire.exe
Resource
win11-20231215-en
Malware Config
Extracted
modiloader
https://drive.google.com/u/0/uc?id=1TcSctGVBajYMA7CFDc158wpvqkpxmkhJ&export=download
Targets
-
-
Target
NetWire.exe
-
Size
1.2MB
-
MD5
7621f79a7f66c25ad6c636d5248abeb9
-
SHA1
98304e41f82c3aee82213a286abdee9abf79bcce
-
SHA256
086d35f26bd2fd886e99744960b394d94e74133c40145a3e2bc6b3877b91ec5d
-
SHA512
59ffcf6eeac00c089e9c77192663d0dc97b2e62cedb6d64fe7dc2e67499abc34e33977e05113c9d39ca6d3e37e8b5c3e6aa926c8526215808b147c0152f7dbfd
-
SSDEEP
24576:nBlDgE7EmXWAqSvg439vGSVNe1/hqIiHSvd7:n7DlC+GSjiBiyF
-
BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader First Stage
-
mimikatz is an open source tool to dump credentials on Windows
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-