General
-
Target
9849858 PO.exe
-
Size
541KB
-
Sample
210526-vp1wy7aa4e
-
MD5
9237436c4af1011ed1a7a62c58f5ca62
-
SHA1
5d2335954cd784c99f078a9c1b1d8a000c928970
-
SHA256
3952d20010784df9f80ca5f283a2784a23e301b64c76e8a05225a7421d905fbc
-
SHA512
ba3b63fd0e7379e1b6d56a63cdd696e1063c8659da33befeab5cafe42d6571c354aa33ecb00ab5a5ea43db2aff37c1415fb446bfef0768ab57ef42b7693b783f
Static task
static1
Behavioral task
behavioral1
Sample
9849858 PO.exe
Resource
win7v20210410
Malware Config
Extracted
netwire
23.105.131.166:4084
-
activex_autorun
false
- activex_key
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
Minobrawn1
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
9849858 PO.exe
-
Size
541KB
-
MD5
9237436c4af1011ed1a7a62c58f5ca62
-
SHA1
5d2335954cd784c99f078a9c1b1d8a000c928970
-
SHA256
3952d20010784df9f80ca5f283a2784a23e301b64c76e8a05225a7421d905fbc
-
SHA512
ba3b63fd0e7379e1b6d56a63cdd696e1063c8659da33befeab5cafe42d6571c354aa33ecb00ab5a5ea43db2aff37c1415fb446bfef0768ab57ef42b7693b783f
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-