Extracted

• • Target

    Potwierdzenie transakcji (3).xls

  • Size

    858KB

  • MD5

    12e613fff7e95373c60b0d323807b14a

  • SHA1

    57ba3149d1204d1be553c2b6f9e057624c148386

  • SHA256

    4ee1e35fc610375d651202f828ea4c0512d1072a13dd72947efb804ea05958d3

  • SHA512

    dfd5602574e753eb57aecdd0ea5c345caca0e0292cd55a7e97ce5785ffae9a143530e27fea047d331b25069f46d688d2c559de3213fb8a56d1599eaa9fb00afd

  Score

  10^/10

  evasionspywaretrojanratbotnetstealernetwire

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blacklisted process makes network request

  • Modifies system certificate store

    evasionspywaretrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2