General
Target: pLL3xaRbYxcknvF.exe
Size: 907KB
Sample: 210712-8w2ghqq7pa
MD5: 35b9bdb43146e7599d860b225e546153
SHA1: f016d7b21a0d186da7868a01a9a0c42d302c8c92
SHA256: 55408de4977faad2d86550bfbeb67378788dbb300cf37ad4e19d05711aecb1d4
SHA512: 620212d5f9c1b4145912d32db40bf4becdd4d23b8d94fedbc662c059244c5fa6d73ab7c82b542cfdd884ac0641d0c4d7af151f98eeed7b0c93f74e3282987bc3
Static task: static1
Behavioral task: behavioral1
Sample: pLL3xaRbYxcknvF.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
dxyasser0.zapto.org:1212
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: 123
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: pLL3xaRbYxcknvF.exe
NetWire RAT payload
Suspicious use of SetThreadContext