General
-
Target
34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3
-
Size
163KB
-
Sample
240410-mbb7gsfb6v
-
MD5
bf868371dd78162283a193940a1ae9fd
-
SHA1
d7d7d01e62b9531654f5c9606eb6c73b895f6f4c
-
SHA256
34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3
-
SHA512
542e09b5834b29d8fcff7341e906864cba56eabb2e73ca9331dc7a6561f71c030b1856817897906b62a9c0981ba3c3f0af1b1c42866aee42488d4ce4ff169e1a
-
SSDEEP
3072:agU8JbFqof8jwZLEeAcvnwgObX+e8ACBkVftvAtkPBOXdOaIKPzL:agxJTBEeVvnwgIXz8tiGtWB69IKPX
Malware Config
Extracted
netwire
atlaswebportal.zapto.org:4000
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
R4_GE_20.11.16
-
keylogger_dir
C:\NVIDIA\profile\
-
lock_executable
false
-
offline_keylogger
true
-
password
Micr0s0ft4456877
-
registry_autorun
false
-
use_mutex
false
Extracted
latentbot
atlaswebportal.zapto.org
Targets
-
-
Target
34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3
-
Size
163KB
-
MD5
bf868371dd78162283a193940a1ae9fd
-
SHA1
d7d7d01e62b9531654f5c9606eb6c73b895f6f4c
-
SHA256
34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3
-
SHA512
542e09b5834b29d8fcff7341e906864cba56eabb2e73ca9331dc7a6561f71c030b1856817897906b62a9c0981ba3c3f0af1b1c42866aee42488d4ce4ff169e1a
-
SSDEEP
3072:agU8JbFqof8jwZLEeAcvnwgObX+e8ACBkVftvAtkPBOXdOaIKPzL:agxJTBEeVvnwgIXz8tiGtWB69IKPX
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-