General
-
Target
DAD2086B1DEDB37FDFD029105A9E6972.exe
-
Size
5.5MB
-
Sample
210613-2gev764mx2
-
MD5
dad2086b1dedb37fdfd029105a9e6972
-
SHA1
357dc27ba8a81eaebc7d70adc871b2ad9414a6a2
-
SHA256
2293e4d40a28a992e65cd5d5ea0cb0561ab1b5dba5ace0db7c241dc8443488f2
-
SHA512
abc82b8c570e265587535ad1d9b726bc82c58cb5e421fdc79e2dde947e84d29c99fa61ed6312e6752f535017a47a28c9504fcb985ec423ded1dd1e8e6eb4c210
Static task
static1
Behavioral task
behavioral1
Sample
DAD2086B1DEDB37FDFD029105A9E6972.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
DAD2086B1DEDB37FDFD029105A9E6972.exe
Resource
win10v20210410
Malware Config
Extracted
netwire
clients.enigmasolutions.xyz:54573
-
activex_autorun
false
-
activex_key
-
copy_executable
true
-
delete_original
false
-
host_id
Cleint-%Rand%
-
install_path
%AppData%\Microsoft\Network\Network.exe
-
keylogger_dir
%AppData%\msr\
-
lock_executable
false
-
mutex
-
offline_keylogger
true
-
password
\tx>N(6H`Om2k/cWJBp,""bUbAd1-0Mg
-
registry_autorun
true
-
startup_name
ruj
-
use_mutex
false
Targets
-
Target
DAD2086B1DEDB37FDFD029105A9E6972.exe
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.