General
-
Target
8a9a1eb215e94bd1dc4ef0218d4a4d750dc2e76a700e9c5712494e21972f6e82
-
Size
236KB
-
Sample
240410-pnf3baff27
-
MD5
28094131dfc2c92d57a665c7fbc4fc0e
-
SHA1
f4de5565f937af148e30a8539cbd7e5b468b81ea
-
SHA256
8a9a1eb215e94bd1dc4ef0218d4a4d750dc2e76a700e9c5712494e21972f6e82
-
SHA512
ca97660047668b0a7682c604b19312a2e4769970dd982f9f722a5fb1f43009a3930e868ac6eb900b5d56aad608440a41b78d2266d29b5dd3f4abe2e5259e2fbc
-
SSDEEP
3072:2WTMqqDLy/Kd1Ndfy3uEJHl/XpK5HyhUm2KxY4QutuBI3259XdMCnNroRx9lc:OqqDLuCJouCFgJ/J46Im51e+NoG
Malware Config
Extracted
netwire
atlaswebportal.zapto.org:4000
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
R4_01.08.16
-
keylogger_dir
C:\NVIDIA\profile\
-
lock_executable
false
-
offline_keylogger
true
-
password
Micr0s0ft4456877
-
registry_autorun
false
-
use_mutex
false
Extracted
latentbot
atlaswebportal.zapto.org
Targets
-
-
Target
8a9a1eb215e94bd1dc4ef0218d4a4d750dc2e76a700e9c5712494e21972f6e82
-
Size
236KB
-
MD5
28094131dfc2c92d57a665c7fbc4fc0e
-
SHA1
f4de5565f937af148e30a8539cbd7e5b468b81ea
-
SHA256
8a9a1eb215e94bd1dc4ef0218d4a4d750dc2e76a700e9c5712494e21972f6e82
-
SHA512
ca97660047668b0a7682c604b19312a2e4769970dd982f9f722a5fb1f43009a3930e868ac6eb900b5d56aad608440a41b78d2266d29b5dd3f4abe2e5259e2fbc
-
SSDEEP
3072:2WTMqqDLy/Kd1Ndfy3uEJHl/XpK5HyhUm2KxY4QutuBI3259XdMCnNroRx9lc:OqqDLuCJouCFgJ/J46Im51e+NoG
Score10/10-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Drops startup file
-