General
Target: PO-13918.jpeg.exe
Size: 814KB
Sample: 210714-tnkb1m82le
MD5: 39354b7b1d0dda28b95785b967621c07
SHA1: e0e21df731ac7e2bcaa1fa1ca0a3f12936a111a4
SHA256: ff32e93cbeacbeda2437159fc90e1c0a4b6b1d7fa160a931fe80801ba6e3311d
SHA512: ba6eb8b059b0ac8b420facc74c41ac0cd46e790f943c83c37902399e500239937d4424ed4e49226c2dfcd47e37ecee07f24894c67e1b0b5e43848a75f6a59619
Static task: static1
Behavioral task: behavioral1
Sample: PO-13918.jpeg.exe
Resource: win7v20210408
Malware Config
Extracted
netwire
netwire.linkpc.net:6000
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: NETWIRE 2021
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: RRMkVNlN
offline_keylogger: true
password: chizzy25@
registry_autorun: false
startup_name:
use_mutex: true
Targets
Target: PO-13918.jpeg.exe
NetWire RAT payload
Suspicious use of SetThreadContext