General
- Target: Purchase_Order.exe
- Size: 337KB
- Sample: 210629-48hb8xa9lx
- MD5: 39fcd8503fd2e6e2773a5b5176b5cfb0
- SHA1: cbf286bec3ac50743352cdead151ca2be6bea121
- SHA256: 0d7f2b187239381646230ae6f03ce02a7bba8a95482df00f459904af60da902a
- SHA512: fdb923a1639f27f74da659c635ab251e536fd75c7d05d2696e2e8d312c4a55f37bcd127b314d1606962335593713ae1cdfed129ba2d1bb7f3223b8d7d6926f95
Static task
- static1

Behavioral task
- behavioral1
- Sample: Purchase_Order.exe
- Resource: win7v20210408
Malware Config

Extracted
- netwire
- warin.hopto.org:4320
- activex_autorun: false
- activex_key:
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- install_path:
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex:
- offline_keylogger: true
- password: Password
- registry_autorun: false
- startup_name:
- use_mutex: false
Targets
- Target: Purchase_Order.exe
- Size: 337KB
- MD5: 39fcd8503fd2e6e2773a5b5176b5cfb0
- SHA1: cbf286bec3ac50743352cdead151ca2be6bea121
- SHA256: 0d7f2b187239381646230ae6f03ce02a7bba8a95482df00f459904af60da902a
- SHA512: fdb923a1639f27f74da659c635ab251e536fd75c7d05d2696e2e8d312c4a55f37bcd127b314d1606962335593713ae1cdfed129ba2d1bb7f3223b8d7d6926f95
- NetWire RAT payload
- Loads dropped DLL
- Suspicious use of SetThreadContext