General
Target: Nizi International S.A. #New Order.exe
Size: 468KB
Sample: 210624-nlljv618kn
MD5: 4697f45d7a2c5e60372f8d9548d4b75a
SHA1: ee7ba79d497b776b301a7a233e1b84a325ba07b9
SHA256: 42949a2f912c87695ebffdd714eae9ae470935a2323f75a937fa3521155b3701
SHA512: 78b32bf01891c31307221223ad91f3a57c99766d80ba39b1d53fd454ff029542d5d094650e31fe7e440e5b99474e778730d131877cd8e8131c25ecbff922cb42
Static task: static1
Behavioral task: behavioral1
Sample: Nizi International S.A. #New Order.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
sipex2021.ddns.net:8753
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: Nizi International S.A. #New Order.exe
- NetWire RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext