General
Target: Albedo Telecom Price 202106075254-Request.XLS.exe
Size: 1.5MB
Sample: 210607-8wd9ymlapx
MD5: 4da0b88dce6ebc7197555fbd66d07224
SHA1: 5d410ff26c177bfa4cd74fe472a7043e89091fda
SHA256: 27fc1cbcf702e483b8eec78bc2605e0d45dda7f0dae2c0adcd6f90b396a1151e
SHA512: 46f1cbd558e24a257a7ec75f90908c76891722362dcf0d13a9615d0f660ed9671880984acd7ebfaed6f53d8b3ffa45ca0a920ed9889e87ecb67dab754661afdc
Static task: static1
Behavioral task: behavioral1
Sample: Albedo Telecom Price 202106075254-Request.XLS.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
finerthings.duckdns.org:3021
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: H23053OIGS
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: finerthings@963
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: Albedo Telecom Price 202106075254-Request.XLS.exe
- NetWire RAT payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext