General
Target: SecuriteInfo.com.Dropped.Trojan.GenericKD.37247948.2936.30980
Size: 339KB
Sample: 210723-dnat86taw2
MD5: 959be976070ea4820a2e24dcce3d0bdf
SHA1: 7ec0c6d7d9b75ef8f078383a15d977b45dc434c1
SHA256: 6b4dd13ea6241a6c8ad2c967d88f3336798dc1e30dd24cfa3377f9b363d70b2e
SHA512: de3ed25149af67a28cd5659bfeb895e323bbd9e79bb791bfbe972f448ca1012d4872b4478bd321a8baefd5813dd69fb19d73ff02d078f5b99ab6618946d4455e
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Dropped.Trojan.GenericKD.37247948.2936.30980.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
finerthings.duckdns.org:3021
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: H23053OIGS
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: finerthings@963
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: SecuriteInfo.com.Dropped.Trojan.GenericKD.37247948.2936.30980
- NetWire RAT payload
- Loads dropped DLL
- Suspicious use of SetThreadContext