General
Target: SecuriteInfo.com.Trojan.GenericKD.36853296.10653.5222
Size: 1.8MB
Sample: 210506-g9sl2ajjex
MD5: 7a5a9f55643adf965ea93bd197353248
SHA1: fd70e0ec9fca053c34dc08640477ff516d2d5725
SHA256: d072441e276c608471a851b369726d633a66ad702663cf2868d15edfe79c5e64
SHA512: ae0b36de0935c25aa22cd1273f550794b5e3341777e71d87ec6f74c061fcb66111875fc528a03263dcc6e8024b537dc158cedf849755c72d8c5cf9a9ed779c7d

Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.GenericKD.36853296.10653.5222.exe
  Resource: win7v20210408
Malware Config
Extracted family: netwire
C2: 23.105.131.210:1955
activex_autorun: false
activex_key: (empty)
copy_executable: true
delete_original: false
host_id: tdce
install_path: %AppData%\tdce\tdce.exe
keylogger_dir: %AppData%\tdce\
lock_executable: true
mutex: uUTFuXPN
offline_keylogger: true
password: Password
registry_autorun: true
startup_name: tdce
use_mutex: true
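The extracted config above is the most useful part of this report for hunting: it names the C2 endpoint, the copy location, the keylogger output directory, the mutex and the Run-key value name. The following Python is an added example, not part of the sandbox report or of any NetWire tooling. It turns those config fields into host and network indicators and checks them against a set of constructed telemetry records. Assumptions: %AppData% expands to <profile>\AppData\Roaming on the victim (so only that suffix is matched, under any profile), the autorun entry lives under some ...\CurrentVersion\Run key (the report does not say which hive, so the check ignores the hive), and all telemetry records are made up for the example.

```python
from __future__ import annotations

import re
from typing import Dict, List, Tuple

# Values copied from the extracted NetWire config in the report above.
NETWIRE_CONFIG: Dict[str, object] = {
    "c2": "23.105.131.210:1955",
    "install_path": "%AppData%\\tdce\\tdce.exe",
    "keylogger_dir": "%AppData%\\tdce\\",
    "mutex": "uUTFuXPN",
    "registry_autorun": True,
    "startup_name": "tdce",
    "use_mutex": True,
}

# Assumption: %AppData% resolves to <profile>\AppData\Roaming on the victim.
# The profile root is left unmatched so the regex works for any user.
APPDATA_SUFFIX = "\\AppData\\Roaming"


def path_regex(cfg_path: str, anchor_end: bool = True) -> re.Pattern[str]:
    """Turn a %AppData%-relative config path into a case-insensitive regex.

    anchor_end=True matches a whole file path ending in the expanded path;
    anchor_end=False matches any path that merely contains it (directory prefix).
    """
    tail = re.sub(r"(?i)^%appdata%", "", cfg_path)
    pattern = re.escape(APPDATA_SUFFIX + tail) + ("$" if anchor_end else "")
    return re.compile(pattern, re.IGNORECASE)


def indicators(cfg: Dict[str, object]) -> Dict[str, object]:
    """Derive host and network indicators from the config fields."""
    host, port = str(cfg["c2"]).rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        "install_path": path_regex(str(cfg["install_path"])),
        # Anything written under the keylogger directory is interesting.
        "keylog_dir": path_regex(str(cfg["keylogger_dir"]), anchor_end=False),
        # Only meaningful when the config actually enables the feature.
        "run_value": str(cfg["startup_name"]) if cfg.get("registry_autorun") else None,
        "mutex": str(cfg["mutex"]) if cfg.get("use_mutex") else None,
    }


def match_telemetry(cfg: Dict[str, object],
                    records: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (indicator_name, evidence) for every record that hits an indicator."""
    ioc = indicators(cfg)
    hits: List[Tuple[str, str]] = []
    for rec in records:
        kind = rec["type"]
        if kind == "file":
            path = str(rec["path"])
            if ioc["install_path"].search(path):
                hits.append(("install_path", path))
            elif ioc["keylog_dir"].search(path):
                hits.append(("keylogger_dir", path))
        elif kind == "registry":
            key, name = str(rec["key"]), str(rec["value_name"])
            # Assumption: hive unknown, so match only the Run key suffix and value name.
            if (ioc["run_value"] and key.lower().endswith("\\currentversion\\run")
                    and name.lower() == str(ioc["run_value"]).lower()):
                hits.append(("registry_autorun", key + "\\" + name))
        elif kind == "mutex":
            if ioc["mutex"] and rec["name"] == ioc["mutex"]:
                hits.append(("mutex", str(rec["name"])))
        elif kind == "netconn":
            if rec["dst_ip"] == ioc["c2_host"] and rec["dst_port"] == ioc["c2_port"]:
                hits.append(("c2", f'{rec["dst_ip"]}:{rec["dst_port"]}'))
    return hits


# Constructed telemetry: a mix of matching and benign records (all made up).
SAMPLE_RECORDS: List[Dict[str, object]] = [
    {"type": "file", "path": "C:\\Users\\alice\\AppData\\Roaming\\tdce\\tdce.exe"},
    {"type": "file", "path": "C:\\Users\\alice\\AppData\\Roaming\\tdce\\keys.dat"},
    {"type": "file", "path": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\x.bmp"},
    {"type": "registry", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": "tdce", "data": "C:\\Users\\alice\\AppData\\Roaming\\tdce\\tdce.exe"},
    {"type": "registry", "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": "OneDrive", "data": "C:\\Program Files\\OneDrive\\OneDrive.exe"},
    {"type": "mutex", "name": "uUTFuXPN"},
    {"type": "mutex", "name": "Local\\MSCTF.Asm.MutexDefault1"},
    {"type": "netconn", "dst_ip": "23.105.131.210", "dst_port": 1955},
    {"type": "netconn", "dst_ip": "23.105.131.210", "dst_port": 443},
]

if __name__ == "__main__":
    for name, evidence in match_telemetry(NETWIRE_CONFIG, SAMPLE_RECORDS):
        print(f"{name:17s} {evidence}")
```

The install path is anchored at the end of the string so a sibling like tdce.exe.bak does not fire, while the keylogger directory is a prefix match because the log file names are not in the config. The connection to 23.105.131.210 on 443 is deliberately left unmatched: the config only gives port 1955, and matching on the IP alone should be a separate, lower-confidence rule.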
Targets
Target: SecuriteInfo.com.Trojan.GenericKD.36853296.10653.5222
Size: 1.8MB
MD5: 7a5a9f55643adf965ea93bd197353248
SHA1: fd70e0ec9fca053c34dc08640477ff516d2d5725
SHA256: d072441e276c608471a851b369726d633a66ad702663cf2868d15edfe79c5e64
SHA512: ae0b36de0935c25aa22cd1273f550794b5e3341777e71d87ec6f74c061fcb66111875fc528a03263dcc6e8024b537dc158cedf849755c72d8c5cf9a9ed779c7d
Score: 10/10
Signatures:
- NetWire RAT payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application