Extracted

• • Target

    Potwierdzenie transakcji (2).xls

  • Size

    858KB

  • MD5

    30c8f5db70e799b8550642bf5bd99a93

  • SHA1

    4d5fe9d504a3da3be9b558245d1612a550721ab7

  • SHA256

    20d2812e1d4302fb94424d6bc2b31be5d809423002dc941cbb9a7978f7564383

  • SHA512

    1b020804f18408e02b61bb7e4a6b1d1dc45b2c5ce8390fd6b49d549c0daa99788cafa3555264aafcaeeede419a2bc220c0e701fe3776b4f0014c09888b065cba

  Score

  10^/10

  evasionspywaretrojanratbotnetstealernetwire

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blacklisted process makes network request

  • Modifies system certificate store

    evasionspywaretrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2