General
-
Target
8eeb3e1e4861d4a4a3bcdf5fc79cd7c52b3288d3d41872345aec8e1ff5798a5d
-
Size
236KB
-
Sample
240410-pvhjqafh34
-
MD5
a7e96388fef3ac919f9f6703d7c0ebd4
-
SHA1
52666b5c4b2568d6ea7abcba35084591767b61ce
-
SHA256
8eeb3e1e4861d4a4a3bcdf5fc79cd7c52b3288d3d41872345aec8e1ff5798a5d
-
SHA512
2c8b7a907a0816e164a162b6b1c2938ddf876dbe41db6f4906ff859136f3faf67daf36f76901b8e0f6e06ba5daf133c52d65015391d2c250afc77e1810610973
-
SSDEEP
3072:2MTMqqDLy/KHmVFZAS9duKn02ftFaqZPJkzPw/NbjTnR+fhrhQAS+tqReGR:gqqDLuNFZb/tHwP61jTRCzSwO
Static task
static1
Behavioral task
behavioral1
Sample
8eeb3e1e4861d4a4a3bcdf5fc79cd7c52b3288d3d41872345aec8e1ff5798a5d.exe
Resource
win7-20240319-en
Malware Config
Extracted
netwire
atlaswebportal.zapto.org:4000
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
R4_29.07.16_02
-
keylogger_dir
C:\NVIDIA\profile\
-
lock_executable
false
-
offline_keylogger
true
-
password
Micr0s0ft4456877
-
registry_autorun
false
-
use_mutex
false
Extracted
latentbot
atlaswebportal.zapto.org
Targets
-
-
Target
8eeb3e1e4861d4a4a3bcdf5fc79cd7c52b3288d3d41872345aec8e1ff5798a5d
-
NetWire RAT payload
-