General
Target: 5c3358017eb0fb29e034c6fc596f562a.exe
Size: 217KB
Sample: 210616-2g38j4ykvj
MD5: 5c3358017eb0fb29e034c6fc596f562a
SHA1: fbe1a3bd59c2245cdef3e94d080be8e644d94a7f
SHA256: e7a98f2a24a517532dfd29f15bba52c4216da9eee8b848f6c50bab2a4f00cdf4
SHA512: 774e7ac28b1375c2cabaf53a582b5759b967fcf796877e98e4c2bbb55acae0b5f3600d6cd315e72e187715b18600feb3eeadfbd6b616a3486423dd4042b4ffb2
Static task: static1
Behavioral task: behavioral1
Sample: 5c3358017eb0fb29e034c6fc596f562a.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 5c3358017eb0fb29e034c6fc596f562a.exe
Resource: win10v20210408
Malware Config
Extracted
netwire
netno.ddns.net:6577
ddns.dbcdubai.com:6577
netsecond.duckdns.org:6577
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: OJ
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: oCTboYgC
offline_keylogger: true
password: Trinidado1@
registry_autorun: false
startup_name:
use_mutex: true
Targets
Target: 5c3358017eb0fb29e034c6fc596f562a.exe
Score: 10/10
NetWire RAT payload
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext