Extracted

• • Target

    Pokana2021011357.doc

  • Size

    55KB

  • MD5

    9a59fc2435737333486d786264c40542

  • SHA1

    19ccdcf1cdafdd248080f7a0b4a481057125ebdf

  • SHA256

    ca7d0cd170dc326645352637b21087e96576f33aafebcb59cb3ea28952d7214d

  • SHA512

    eddb242b35355a91000d124a13bce5df1a929282f9ebf4554c261b14a1c473e75bf3c0d657f521b78d07e687ce26a749713a5aa9ffc908a53106b94744c69be5

  Score

  10^/10

  netwirebotnetpersistenceratstealer

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2