General

  • Target

    Potwierdzenie transakcji (4).xls

  • Size

    858KB

  • Sample

    200714-2b23c1dsye

  • MD5

    5a70778bed8ca69ba44a0fa43198c1cb

  • SHA1

    3b4cd5dc12ba90d25283a14b9db45a27b7a4313f

  • SHA256

    2225eecf02d98cb9631cafc0c529102e14124d43b2364b8947c2b75ffc38660e

  • SHA512

    2f865ed894592311e33e6afc415871b4d1ccfdbd189fa6a9f8690d5232ef7e67864b1ad2ad25e6ebd9bc9dd176d726aa877e0311e55e6774ae5c8225650a2161

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper

  • URLs

http://office-service-softs.info/tech.jpg

Targets

    • NetWire RAT payload

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks