General
Target: 24C8B4647F7CDEF7524055129030454F.exe
Size: 23.0MB
Sample: 210719-kcfg7vcjf6
MD5: 24c8b4647f7cdef7524055129030454f
SHA1: 8b5dd2f2d271b5503a865bd6641e7a761ee9c520
SHA256: b7f42f93e5c2dfcb4620859c74593f1090dcca50dbf14d7665e31832b3ff0313
SHA512: 1316e79aac01b0a46f7dc389970f7c3e804898c47020d987c80783b56a7b61fdc184979012e96b55cd74dedb36669a1064c9198be8a79b1ac74b68d730cb762d
Static task: static1
Behavioral task: behavioral1
Sample: 24C8B4647F7CDEF7524055129030454F.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
maelus.mine.nu:3650
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: first spread
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: 0000
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: 24C8B4647F7CDEF7524055129030454F.exe
- Modifies security service
- NetWire RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext