Analysis
  max time kernel: 143s
  max time network: 118s
  platform: windows7_x64
  resource: win7-20240215-en
  resource tags: arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
  submitted: 10-04-2024 10:17
Static task: static1
Behavioral task: behavioral1
  Sample: 34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3.exe
  Resource: win10v2004-20240226-en
General
  Target: 34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3.exe
  Size: 163KB
  MD5: bf868371dd78162283a193940a1ae9fd
  SHA1: d7d7d01e62b9531654f5c9606eb6c73b895f6f4c
  SHA256: 34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3
  SHA512: 542e09b5834b29d8fcff7341e906864cba56eabb2e73ca9331dc7a6561f71c030b1856817897906b62a9c0981ba3c3f0af1b1c42866aee42488d4ce4ff169e1a
  SSDEEP: 3072:agU8JbFqof8jwZLEeAcvnwgObX+e8ACBkVftvAtkPBOXdOaIKPzL:agxJTBEeVvnwgIXz8tiGtWB69IKPX
Malware Config
  Extracted: netwire
    C2: atlaswebportal.zapto.org:4000
    activex_autorun: false
    copy_executable: false
    delete_original: false
    host_id: R4_GE_20.11.16
    keylogger_dir: C:\NVIDIA\profile\
    lock_executable: false
    offline_keylogger: true
    password: Micr0s0ft4456877
    registry_autorun: false
    use_mutex: false
  Extracted: latentbot
    C2: atlaswebportal.zapto.org
Signatures
  NetWire RAT payload (1 IoCs)
    resource                                                                     yara_rule
    behavioral1/memory/2832-5-0x0000000000400000-0x0000000000448000-memory.dmp  netwire
  Suspicious behavior: EnumeratesProcesses (3 IoCs)
    pid   Process
    2832  34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3.exe
    2832  34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3.exe
    2832  34184f6255f9d60f510342373f129eb4834f4534bb22e1d91259cca0d07c27b3.exe