General
Target: Paymentconfirmation.exe
Size: 616KB
Sample: 210810-g7h6bhwjgx
MD5: fe6b9636c6363b1cbcecd2b690408d77
SHA1: c1e7b86bb283116568211eeb200bb4eff457948c
SHA256: f7c37eac5808e804c64864a30eaa565b0cdf35b3738f049ac2e6f793f7603cec
SHA512: 6241aa32dc8b80cc42ddce37e25586fb5b84f06a7d7a590c1e87650493f9f805843fd0de350e798e38a155f5901858f60ca5178e24cec0a954d5ca5c14f37776
Static task: static1
Behavioral task: behavioral1
Sample: Paymentconfirmation.exe
Resource: win7v20210410
Malware Config
Extracted: netwire
- 194.5.97.220:3387
- 194.5.97.220:3389
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: stanlow02
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: Paymentconfirmation.exe
Size: 616KB
- NetWire RAT payload
- Suspicious use of SetThreadContext