General

  • Target

    ab9a25afd7b77e29f59da960a716dd98.bin

  • Size

    148KB

  • Sample

    240616-cf9cnsveka

  • MD5

    ab9a25afd7b77e29f59da960a716dd98

  • SHA1

    5a29e9fd7212a8b5537ae9e0daa19b51acca172a

  • SHA256

    4804ca167a5405cd9cd5539c7e670db54677e2a82081b665cc8b22a426b91b64

  • SHA512

    7ea69840e4f0e3d46b3098400169d17ee735f5a46b2d4bd7af25e158bef2cf18829fb51f7f7b6dc2262c51e41e67f597b8ced62a7788f009438213a36321c511

  • SSDEEP

    3072:4OzIy5XGViztldWl88Yed2DQuIAQvQ+d0aYk/05bgJf:4o2ViztvWlvd2UuIAQvQ+yFO0xgh

Score
10/10

Malware Config

Extracted

Family

netwire

C2

fucktoto.duckdns.org:3369

Attributes
  • activex_autorun

    true

  • activex_key

    {4KUJJ476-38ES-RCMH-QGW0-22030L368G76}

  • copy_executable

    true

  • delete_original

    false

  • host_id

    blower

  • install_path

    %AppData%\Install\Host.exe

  • keylogger_dir

    %AppData%\Logs\

  • lock_executable

    false

  • offline_keylogger

    true

  • password

    gbam1234

  • registry_autorun

    true

  • startup_name

    NetWire

  • use_mutex

    false
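
The extracted configuration above lists every host and network artefact this build leaves behind: the C2 host and port, the copied implant at install_path, the keylogger output directory, the Run-key value named by startup_name and the Active Setup GUID. The Python below is an added example for this report, not code from the sandbox that produced it. It turns those values into indicators and runs them over constructed Sysmon-style telemetry lines. It assumes that %AppData% expands to <drive>:\Users\<user>\AppData\Roaming, that registry_autorun is a per-user Run value named after startup_name, and that activex_key is the GUID subkey written under Active Setup\Installed Components; the sample events, the user name and the 203.0.113.x addresses are constructed.

```python
"""Turn the NetWire configuration extracted above into hunt-ready indicators
and run them over endpoint telemetry.

Added example for this report, not code from the sandbox that produced it.
The telemetry is constructed Sysmon-style key=value lines; the registry
locations and the %AppData% expansion are assumptions noted in comments.
"""
import re
from dataclasses import dataclass

# Values copied from the "Malware Config" section of this report.
NETWIRE_CONFIG = {
    "c2": "fucktoto.duckdns.org:3369",
    "install_path": "%AppData%\\Install\\Host.exe",
    "keylogger_dir": "%AppData%\\Logs\\",
    "startup_name": "NetWire",
    "registry_autorun": True,
    "activex_autorun": True,
    "activex_key": "{4KUJJ476-38ES-RCMH-QGW0-22030L368G76}",
}


@dataclass(frozen=True)
class Indicator:
    name: str          # label reported in findings
    kind: str          # "dns", "net", "file" or "registry"
    pattern: re.Pattern


def _appdata_regex(path: str) -> str:
    """Regex for a %AppData%-relative path that matches any user's profile.

    Assumption: %AppData% expands to <drive>:\\Users\\<user>\\AppData\\Roaming.
    The user name is matched by [^\\\\]+ so one pattern covers every profile.
    """
    if not path.lower().startswith("%appdata%"):
        raise ValueError(f"not an %AppData% path: {path}")
    rel = path[len("%AppData%"):].lstrip("\\")
    return r"[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\" + re.escape(rel)


def build_indicators(cfg: dict) -> list[Indicator]:
    """Map each config field to the artefact it produces on an infected host."""
    host, port = cfg["c2"].rsplit(":", 1)
    flags = re.IGNORECASE
    inds = [
        # DNS query (or connection metadata) naming the C2 host
        Indicator("c2-dns", "dns", re.compile(re.escape(host), flags)),
        # Outbound connection to the configured C2 port
        Indicator("c2-port", "net",
                  re.compile(r"\bDestinationPort=" + re.escape(port) + r"\b")),
        # The copied implant (copy_executable=true) at install_path
        Indicator("install-path", "file",
                  re.compile(_appdata_regex(cfg["install_path"]), flags)),
        # Offline keylogger output under keylogger_dir
        Indicator("keylog-dir", "file",
                  re.compile(_appdata_regex(cfg["keylogger_dir"]), flags)),
    ]
    if cfg.get("registry_autorun"):
        # Assumption: the autorun is a per-user Run value named startup_name.
        inds.append(Indicator("run-key", "registry", re.compile(
            r"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
            + re.escape(cfg["startup_name"]) + r"\b", flags)))
    if cfg.get("activex_autorun"):
        # Assumption: activex_key is the GUID subkey written under
        # Active Setup\Installed Components (its StubPath runs the implant).
        inds.append(Indicator("active-setup", "registry", re.compile(
            r"Active Setup\\Installed Components\\" + re.escape(cfg["activex_key"]),
            flags)))
    return inds


def match_events(indicators: list[Indicator], events: list[str]) -> dict[int, list[str]]:
    """Return {event index: sorted indicator names} for every event that hits."""
    hits: dict[int, list[str]] = {}
    for i, line in enumerate(events):
        names = sorted(ind.name for ind in indicators if ind.pattern.search(line))
        if names:
            hits[i] = names
    return hits


# Constructed Sysmon-style telemetry for one infected host. The user "alice"
# and the 203.0.113.x addresses are made up (RFC 5737 documentation range).
IMPLANT = "C:\\Users\\alice\\AppData\\Roaming\\Install\\Host.exe"
SAMPLE_EVENTS = [
    # 0: dropper copies itself to install_path (Sysmon 11)
    "EventID=11 Image=C:\\Users\\alice\\Downloads\\invoice.exe TargetFilename=" + IMPLANT,
    # 1: Run-key value named after startup_name (Sysmon 13)
    "EventID=13 Image=" + IMPLANT + " TargetObject=HKU\\S-1-5-21-1-2-3-1001"
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\NetWire Details=" + IMPLANT,
    # 2: DNS lookup of the C2 host (Sysmon 22)
    "EventID=22 Image=" + IMPLANT + " QueryName=fucktoto.duckdns.org QueryStatus=0",
    # 3: outbound connection on the C2 port (Sysmon 3)
    "EventID=3 Image=" + IMPLANT + " DestinationIp=203.0.113.10 DestinationPort=3369 Protocol=tcp",
    # 4: offline keylogger writing into keylogger_dir (Sysmon 11)
    "EventID=11 Image=" + IMPLANT + " TargetFilename=C:\\Users\\alice\\AppData\\Roaming\\Logs\\2024-06-16.log",
    # 5-6: benign noise that must not match
    "EventID=11 Image=C:\\Windows\\explorer.exe TargetFilename=C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\report.lnk",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=203.0.113.20 DestinationPort=443 Protocol=tcp",
]


if __name__ == "__main__":
    for idx, names in match_events(build_indicators(NETWIRE_CONFIG), SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(names)}")
        print("    " + SAMPLE_EVENTS[idx])
```

The install-path indicator fires on the Image field as well as on TargetFilename, so every action the copied implant takes after installation is tagged with it; that is deliberate, because once Host.exe is running from %AppData%\Install the process itself is the indicator. The duckdns.org C2 is dynamic DNS, so hunt on the name rather than on any address it resolved to on a given day, and treat the port alone as corroboration rather than a standalone detection.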

Targets

    • Target

      ab9a25afd7b77e29f59da960a716dd98.bin

    • Size

      148KB

    • MD5

      ab9a25afd7b77e29f59da960a716dd98

    • SHA1

      5a29e9fd7212a8b5537ae9e0daa19b51acca172a

    • SHA256

      4804ca167a5405cd9cd5539c7e670db54677e2a82081b665cc8b22a426b91b64

    • SHA512

      7ea69840e4f0e3d46b3098400169d17ee735f5a46b2d4bd7af25e158bef2cf18829fb51f7f7b6dc2262c51e41e67f597b8ced62a7788f009438213a36321c511

    • SSDEEP

      3072:4OzIy5XGViztldWl88Yed2DQuIAQvQ+d0aYk/05bgJf:4o2ViztvWlvd2UuIAQvQ+yFO0xgh

    Score
    1/10
