General
Target: proof of payment.scr.exe
Size: 873KB
Sample: 210713-l61fvclaqj
MD5: 693fc4eb901d82a09678e506960fd24d
SHA1: 8fcfb6ea44062af4557b2820591f75126b5edf81
SHA256: 59fc44577bd89c7f6ae86b0b13e7e19c4d17612b4d5696e6c70d2e88d5d8115e
SHA512: 0c076cf5b30edb1c8f51c11e52778cd20eaf88736467e1c0f401b48154ae54ed31433efa898c0be883bab6a9ed435540d16974858eb691410787f787870d464a
Static task: static1
Behavioral task: behavioral1
Sample: proof of payment.scr.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
harold.ns01.info:3606
activex_autorun: false
activex_key:
copy_executable: true
delete_original: false
host_id: Ojoko
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: enbSUNvD
offline_keylogger: true
password: master12
registry_autorun: false
startup_name:
use_mutex: true
Targets
Target: proof of payment.scr.exe
NetWire RAT payload
Executes dropped EXE
Suspicious use of SetThreadContext