General
Target: 467e17b8d44626b7456716680e3d043d.exe
Size: 349KB
Sample: 210630-316zqn4dna
MD5: 467e17b8d44626b7456716680e3d043d
SHA1: 6636511ae14abb0f2554199b4ed8977def1d9b8a
SHA256: cf2aec2969353dc99a7f715ac818212b42b8cff7a58c9109442f2c65ff62de42
SHA512: 5f3a0f47bfe3f1784849c9ddedc30e489b5d37cbb0a73c488ab58efc7a777d0d5e0c5a5abef63661166003b623224d6990b8baa160d6e398dc804b4c2fb941a7
Static task: static1
Behavioral task: behavioral1
Sample: 467e17b8d44626b7456716680e3d043d.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 467e17b8d44626b7456716680e3d043d.exe
Resource: win10v20210408
Malware Config
Extracted
netwire
66.154.103.106:13374
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: myphone
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: 467e17b8d44626b7456716680e3d043d.exe
Score: 10/10
NetWire RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext