General
Target: P-Order.scr.exe
Size: 876KB
Sample: 210712-jk62jpmg3n
MD5: 6cf82e76161361d385c53652fdba1992
SHA1: 642276d01e7d4c7fc2fa8202025173b8abb3c221
SHA256: 57d5c01633ef2f845946bf397ef571ba5c0e0afaafce8756d7811d7569f4b024
SHA512: 939b26dc20dde77729f9d1ecfb9495b6bcce5a7514a44e87b2bee3dd427b967e568162b2c18e6850bbb92616452739b247e102b74f8c40bda8cad1fcc8277331
Static task: static1
Behavioral task: behavioral1
Sample: P-Order.scr.exe
Resource: win7v20210408
Malware Config
Extracted
netwire
harold.ns01.info:3606
activex_autorun: false
activex_key:
copy_executable: true
delete_original: false
host_id: prim
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: eApkLVIW
offline_keylogger: true
password: master12
registry_autorun: false
startup_name:
use_mutex: true
Targets
Target: P-Order.scr.exe
NetWire RAT payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext