General
Target: A582F8176C5F4BECF5F95A563E9EC11A.exe
Size: 1.1MB
Sample: 210725-p231bkzxra
MD5: a582f8176c5f4becf5f95a563e9ec11a
SHA1: a8b2fd3f57157cce4fe9442b8ffa53e15ca4820c
SHA256: bd62e723aff056a5f6dd9b9ece4f5ea4bae0a50cc3bdd5f4228fb265c2a96170
SHA512: b077839b7a01290ade4632342e20dcc2885036deccd0a32d685a99efd2abbfd6f29ce5739f2145d8d439f8816092ad73612a15263580f356d9d727a4d8099fb0
Static task: static1
Behavioral task: behavioral1
Sample: A582F8176C5F4BECF5F95A563E9EC11A.exe
Resource: win7v20210410
Malware Config
Extracted
netwire
roban.giize.com:1604
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: A582F8176C5F4BECF5F95A563E9EC11A.exe
NetWire RAT payload
Drops startup file
Suspicious use of SetThreadContext