General
-
Target
838dcb9b19c330b4ecba06dfb5d5aa465a9cb1f188c48d2b0bdba1825f9f5a03
-
Size
51KB
-
Sample
240417-p724wsgc53
-
MD5
23681f6652a894f1ae518879a4d7c915
-
SHA1
e7a0c59496bfa6f51cc80c127d88cee4427edeb3
-
SHA256
838dcb9b19c330b4ecba06dfb5d5aa465a9cb1f188c48d2b0bdba1825f9f5a03
-
SHA512
4da96e3b1f895cb97e7753fb701b60cec469d2980e324fc74ba55196007a3f7af7e2a0051cc1a6148df72d6360302a2aa2191925fa92089bd225b6f24375cc85
-
SSDEEP
1536:ubDxZQcXHFjC2I6ec/LDk7Z7QtmKDc9e/P+MNJ6Qn1Vg:IDxZ7XIaLENKDcw/BNJ6QnM
Behavioral task
behavioral1
Sample
3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c.exe
Resource
win7-20240221-en
Malware Config
Extracted
Family: netwire
C2 endpoints (host:port):
majika.gotdns.ch:1120
nik.pointto.us:1120
nikouh.pointto.us:1120
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
naza
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
mutex
CVkJEjPx
-
offline_keylogger
true
-
password
vodka
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c.exe
-
Size
132KB
-
MD5
58d02ed4bc010363facf162ac2976905
-
SHA1
0fdbd386a4cd8ac2edbd32a32a2fd5e8263bc38c
-
SHA256
3647bace25f94430a534aba8aba08a731571ab2ab22f95ac209096e2c32ef81c
-
SHA512
3287fee2405d95e03032339306253abb97d5c95b1da988f827192b4ca2c52615e271cf3f5ac58a3e3cb6a175b15d70300f86078f39145470391c0c9843daf673
-
SSDEEP
1536:dtTSUSKzF0Lh9a7WraTWFbmDHVXWRVAzZ8MfUSl7Q3rw75ggZG:dt5SKzF0Lh9a7IGW9GHeOFVvc3rKZG
-
NetWire RAT payload
-