General

Target: Payment confirmation.exe
Size: 877KB
Sample: 210615-de2s2yrf5s
MD5: a8b3700a836387c8f76f6619081970ad
SHA1: e881c886aeea80b685b0334f9cc882992033166f
SHA256: e3b59ad472a4da79d33cd1b994394f9d405befb76ba377d1763010ecfb4c2591
SHA512: 50107691aa322e5a924e48457c37a02cad3661ef375355c40b85737bb28b8986a0941e653a33322680d6fa72e9186a320e6987009662320ad9fa444b2ca46fbe

Static task: static1
Behavioral task: behavioral1
  Sample: Payment confirmation.exe
  Resource: win7v20210410

Malware Config

Extracted family: netwire
C2:
  185.140.53.45:3394
  185.140.53.45:3399
activex_autorun: false
activex_key: (empty)
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path: (empty)
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: (empty)
offline_keylogger: true
password: ken01234
registry_autorun: false
startup_name: (empty)
use_mutex: false
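The extracted config above only becomes useful once it is turned into something a detection or response team can act on. As an added example (not part of the sandbox report), the Python script below parses the Malware Config section exactly as printed above into structured fields and derives the artefacts a responder wants from it: the C2 endpoints as Suricata rules, whether any persistence switch is turned on, and the expanded offline keylogger directory to search on a suspect host. The config values are copied from the report; the Suricata sid range and the `C:\Users\victim\AppData\Roaming` profile path used for `%AppData%` expansion are assumptions.

```python
"""Turn an extracted NetWire config into hunting artefacts.
Added example; the config text is copied from the report above."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed from the report's "Malware Config" section (values verbatim).
# Keys with no value (activex_key, install_path, mutex, startup_name) were
# empty in the extraction.
CONFIG_TEXT = """\
netwire
185.140.53.45:3394
185.140.53.45:3399
activex_autorun false
activex_key
copy_executable false
delete_original false
host_id HostId-%Rand%
install_path
keylogger_dir %AppData%\\Logs\\
lock_executable false
mutex
offline_keylogger true
password ken01234
registry_autorun false
startup_name
use_mutex false
"""

# Config switches that decide whether the implant survives a reboot.
PERSISTENCE_KEYS = ("registry_autorun", "activex_autorun", "copy_executable")

# A C2 line is host:port with no spaces; everything else is "key value".
C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")


@dataclass
class NetwireConfig:
    family: str
    c2: list = field(default_factory=list)        # [(host, port), ...]
    settings: dict = field(default_factory=dict)  # key -> bool | str | None


def _coerce(value):
    """'true'/'false' become bools; an empty value becomes None."""
    if not value:
        return None
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    return value


def parse_config(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = NetwireConfig(family=lines[0])
    for line in lines[1:]:
        m = C2_RE.match(line)
        if m:
            port = int(m.group("port"))
            if not 0 < port < 65536:
                raise ValueError(f"bad C2 port in {line!r}")
            cfg.c2.append((m.group("host"), port))
            continue
        key, _, value = line.partition(" ")
        cfg.settings[key] = _coerce(value)
    return cfg


def c2_kinds(cfg):
    """Bare-IP C2s (as here) leave no DNS telemetry; hunt on flows instead."""
    kinds = {}
    for host, _ in cfg.c2:
        try:
            ipaddress.ip_address(host)
            kinds[host] = "ip"
        except ValueError:
            kinds[host] = "hostname"
    return kinds


def suricata_rules(cfg, base_sid=9000001):
    """One alert per C2 endpoint. base_sid is a placeholder range (assumption)."""
    return [
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"{cfg.family} C2 {host}:{port}"; sid:{base_sid + i}; rev:1;)'
        for i, (host, port) in enumerate(cfg.c2)
    ]


def persistence_configured(cfg):
    """False for this sample: no autorun key and no self-copy, so the RAT
    runs from wherever the lure dropped it and does not survive a reboot."""
    return any(bool(cfg.settings.get(k)) for k in PERSISTENCE_KEYS)


def keylog_dir(cfg, appdata="C:\\Users\\victim\\AppData\\Roaming"):
    """Expand %AppData% in keylogger_dir. The profile path is a constructed
    example; substitute the real one per host when hunting."""
    raw = cfg.settings.get("keylogger_dir") or ""
    # A callable replacement sidesteps re.sub's backslash-escape processing.
    return re.sub(r"%appdata%", lambda _m: appdata, raw, flags=re.IGNORECASE)


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print("family:", cfg.family, "c2:", cfg.c2, c2_kinds(cfg))
    print("persistence configured:", persistence_configured(cfg))
    print("offline keylog dir:", keylog_dir(cfg))
    print("\n".join(suricata_rules(cfg)))
```

Run against this report, the script shows that with registry_autorun, activex_autorun and copy_executable all false the sample as configured installs nothing persistent, so the indicators worth hunting are the `%AppData%\Logs\` keylog directory on the host and connections to 185.140.53.45 on 3394/3399 on the wire. Because the C2 is a bare IP there is no DNS record to pivot on; network hunting has to be flow-based.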

Targets

Target: Payment confirmation.exe
Signatures:
  NetWire RAT payload
  Suspicious use of SetThreadContext (the API used to redirect a suspended thread's entry point to injected code, a hallmark of process hollowing and similar injection)