General
Target: 5413D7925B6E67E27E6FFDAB67974DBF.exe
Size: 183KB
Sample: 210723-lcmclg3s32
MD5: 5413d7925b6e67e27e6ffdab67974dbf
SHA1: 72250774c05d90f827cd3e9a85a0d5b7b4e3b791
SHA256: 7e12867c3e8353fc4175b559bbf654ccce1b253204fd7c5c0e2a72b56026ca32
SHA512: 8584a9c7c6b0dda77601096b595ad0b1820bb00ec508b05af9a3d067f8b926a9dac78d89bc9d4b415fcc5fabb7ebc108bab3169bfe51d0fb2697f179aba5dc10
Static task: static1
Behavioral task: behavioral1
Sample: 5413D7925B6E67E27E6FFDAB67974DBF.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
finerthings.duckdns.org:3021
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: H23053OIGS
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: finerthings@963
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: 5413D7925B6E67E27E6FFDAB67974DBF.exe
NetWire RAT payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext