General
-
Target
Shipping Documents_Bill of Lading 910571880.exe
-
Size
933KB
-
Sample
210602-ppmxsxrwtn
-
MD5
eda21f28491884ac115de26db87bcf4c
-
SHA1
420e3d917c8846ad651dc2670bb5712b1e94e9ee
-
SHA256
fba70c8c189b22607f3ded689e050d1567f3195d65f03c5e81d9ccc0877e5c8d
-
SHA512
b82593299120554bdbd52ddc84ea2a0aa5cfa003de66ea3b79c1dfdd72de3785970959354d2b68b8d9cb0bf3b1fc3205828107aef144a7c6ff93edda06a9b0a3
Malware Config
Extracted
netwire
sipex2021.ddns.net:8753
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
- install_path
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
- mutex
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
- startup_name
-
use_mutex
false
Targets
-
-
Target
Shipping Documents_Bill of Lading 910571880.exe
-
Size
933KB
-
MD5
eda21f28491884ac115de26db87bcf4c
-
SHA1
420e3d917c8846ad651dc2670bb5712b1e94e9ee
-
SHA256
fba70c8c189b22607f3ded689e050d1567f3195d65f03c5e81d9ccc0877e5c8d
-
SHA512
b82593299120554bdbd52ddc84ea2a0aa5cfa003de66ea3b79c1dfdd72de3785970959354d2b68b8d9cb0bf3b1fc3205828107aef144a7c6ff93edda06a9b0a3
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Suspicious use of SetThreadContext
-