Extracted

• • Target

    Potwierdzenie transakcji.xls

  • Size

    858KB

  • MD5

    c4dd8d65f7a4dc0389981e8cb5c1e8e5

  • SHA1

    661d3eb15d8badaa4bb7f69b975bb33a0f992fc1

  • SHA256

    09c74234ee48a8c8d5e67d683980f3e3968b108f33205bdfdf341c6c1cc0c206

  • SHA512

    c2f9a11f76909e3cbc3ca68240f91e5e993afdff8f14f9047801564d99d384217666084728f7c76e6fcda149db9190fe123272d698a4b65308f8a141be25e1cf

  Score

  10^/10

  evasionspywaretrojanratbotnetstealernetwire

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blacklisted process makes network request

  • Modifies system certificate store

    evasionspywaretrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2