General
- Target: 6E6FFC38D9C88CA34562E0369AC22A75.exe
- Size: 4.7MB
- Sample: 210708-g3j852vzxs
- MD5: 6e6ffc38d9c88ca34562e0369ac22a75
- SHA1: b8788ca1f0102145580e6cffe8528aa82105092d
- SHA256: 9a9ddbcb74bc37b8eb71fc0d4e3840e2e6435f7c9deb51f7e8e7f0bbd0cee473
- SHA512: 8c89eade7a41d73151524fd01baaee77308271cfc3bd13160b9c25d8a33a57c9aa391cc438099970d9086cb3adf7403031242dc0185b538e97617baa119a7f67
Static task: static1
Behavioral task: behavioral1
- Sample: 6E6FFC38D9C88CA34562E0369AC22A75.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 6E6FFC38D9C88CA34562E0369AC22A75.exe
- Resource: win10v20210410
Malware Config
Extracted: netwire
clients.enigmasolutions.xyz:54573
- activex_autorun: false
- activex_key:
- copy_executable: true
- delete_original: false
- host_id: Cleint-%Rand%
- install_path: %AppData%\Microsoft\MMC\ruj.exe
- keylogger_dir: %AppData%\msr\
- lock_executable: false
- mutex:
- offline_keylogger: true
- password: \tx>N(6H`Om2k/cWJBp,""bUbAd1-0Mg
- registry_autorun: true
- startup_name: ruj
- use_mutex: false
Targets
- Target: 6E6FFC38D9C88CA34562E0369AC22A75.exe
- Size: 4.7MB
- MD5: 6e6ffc38d9c88ca34562e0369ac22a75
- SHA1: b8788ca1f0102145580e6cffe8528aa82105092d
- SHA256: 9a9ddbcb74bc37b8eb71fc0d4e3840e2e6435f7c9deb51f7e8e7f0bbd0cee473
- SHA512: 8c89eade7a41d73151524fd01baaee77308271cfc3bd13160b9c25d8a33a57c9aa391cc438099970d9086cb3adf7403031242dc0185b538e97617baa119a7f67
Score: 10/10
- NetWire RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT scripts compiled to PE executables.