General
Target: 51E38C5C7A3A24DD8092F94D915DE981.exe
Size: 6KB
Sample: 210723-zha4gcv4zx
MD5: 51e38c5c7a3a24dd8092f94d915de981
SHA1: a8dd1348c866219ea5357bc3919c9885184949ba
SHA256: 5b4962b939b67929dcb5b0c5a90b75e617f9af630271d710a21ccbe0d7738e05
SHA512: 60b5d4c6c43bd8841aa18a081e775e0c542c785b35bf7759d002b9bc6b852170b4a629782efc695c21e990348f2d952ccb4ab2651df7944abaeb72458af7cdf4
Static task
static1
Behavioral task
behavioral1
Sample
51E38C5C7A3A24DD8092F94D915DE981.exe
Resource
win7v20210410
Malware Config
Extracted
netwire
finerthings.duckdns.org:3021
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: H23053OIGS
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: finerthings@963
registry_autorun: false
startup_name:
use_mutex: false
Targets
NetWire RAT payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext