General
-
Target
LnsathwafhvylbbptobwoppapjxmujmvteSigned.exe
-
Size
277KB
-
Sample
210626-g36vg9wyf2
-
MD5
4e2ff191c86e45f399d0f31a5c42b60b
-
SHA1
1e399895e5837ac9a77a1fa890a82a92e9e6c14d
-
SHA256
bb988ff7e440eb871321f3d5ee94c7d241d4929e57b0e687e3ee61466b6880f6
-
SHA512
818b9a4e9ef9542c2a992ca5896bc236d7ab7d0948f44f8dfecc1097b439ff3192727cfa4a765b6452bb265f541f136e65987c719e640573e5508ad2c0d6df89
Static task
static1
Behavioral task
behavioral1
Sample
LnsathwafhvylbbptobwoppapjxmujmvteSigned.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
LnsathwafhvylbbptobwoppapjxmujmvteSigned.exe
Resource
win10v20210408
Malware Config
Extracted
netwire
147.124.221.3:2405
-
activex_autorun
false
- activex_key
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
- install_path
-
keylogger_dir
%AppData%\Logs\Service\
-
lock_executable
true
-
mutex
EgYSugKI
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
- startup_name
-
use_mutex
true
Targets
-
Target
LnsathwafhvylbbptobwoppapjxmujmvteSigned.exe
-
Score
10/10
-
NetWire RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-