General
Target: Proof of Payment.exe
Size: 1.0MB
Sample: 211016-h1qc7abgc9
MD5: 5ab8ebf954dd5d4a6245fb017314d154
SHA1: b1ae64f01b425f03cd3b8d14783fcf8ad3e8e927
SHA256: 05e7ca50d56d74090b76bde141a5decb07f2fe2d8f564bed1ba814ab4cb4ddf4
SHA512: 0f93b6f24eaf94c3ce97bf6e8dd5c2ec326f85a1b7e2101029d674963baa33a0fa34ad359b01b33a30ef4e1a0eca5373b3b8fe82c50ac786087239f01cc4443f
Static task: static1
Behavioral task: behavioral1
Sample: Proof of Payment.exe
Resource: win7-en-20211014
Malware Config
Extracted family: netwire
C2:
- 194.5.98.230:3364
- 194.5.98.230:3368
activex_autorun: false
activex_key: (empty)
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path: (empty)
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: (empty)
offline_keylogger: true
password: high1234
registry_autorun: false
startup_name: (empty)
use_mutex: false
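As an added example (not part of the sandbox report and not NetWire's own code), the following Python turns the extracted configuration and hashes above into checks a responder can run offline: it parses the config into a structure, flags connections to the configured C2 host:port pairs in firewall log lines, builds a path pattern for the offline keylogger directory, and compares a file's SHA256 against the sample. The firewall log lines are constructed for illustration, the "key value" re-typing of the config is this example's own layout, and the expansion of %AppData% to C:\Users\<user>\AppData\Roaming assumes a normal per-user profile.

```python
"""Added example: checks derived from the NetWire config and hashes in the report.
The log lines are constructed; the config is re-typed from the report as 'key value'."""
import hashlib
import re
from dataclasses import dataclass, field

# Hashes copied from the report above.
SAMPLE_MD5 = "5ab8ebf954dd5d4a6245fb017314d154"
SAMPLE_SHA256 = "05e7ca50d56d74090b76bde141a5decb07f2fe2d8f564bed1ba814ab4cb4ddf4"

# The extracted config as "key value" lines; the report's empty fields
# (activex_key, install_path, mutex, startup_name) are omitted.
EXTRACTED_CONFIG = """\
family netwire
c2 194.5.98.230:3364
c2 194.5.98.230:3368
activex_autorun false
copy_executable false
delete_original false
host_id HostId-%Rand%
keylogger_dir %AppData%\\Logs\\
lock_executable false
offline_keylogger true
password high1234
registry_autorun false
use_mutex false
"""

# Constructed firewall log lines (203.0.113.10 is a documentation address).
SAMPLE_FIREWALL_LOG = [
    "2021-10-16T09:58:01Z ALLOW TCP 10.0.0.21:49310 -> 203.0.113.10:443",
    "2021-10-16T09:58:07Z ALLOW TCP 10.0.0.21:49318 -> 194.5.98.230:3364",
    "2021-10-16T09:58:09Z ALLOW TCP 10.0.0.21:49319 -> 194.5.98.230:3368",
    "2021-10-16T09:58:12Z ALLOW TCP 10.0.0.21:49320 -> 194.5.98.230:80",
]


@dataclass
class NetwireConfig:
    family: str = ""
    c2: list = field(default_factory=list)       # (host, port) tuples
    flags: dict = field(default_factory=dict)    # boolean options
    strings: dict = field(default_factory=dict)  # remaining string options


def parse_config(text):
    """Parse the 'key value' form of the extracted config into a NetwireConfig."""
    cfg = NetwireConfig()
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(" ")
        if key == "family":
            cfg.family = value
        elif key == "c2":
            host, _, port = value.rpartition(":")
            cfg.c2.append((host, int(port)))
        elif value in ("true", "false"):
            cfg.flags[key] = value == "true"
        else:
            cfg.strings[key] = value
    return cfg


def matches_sample(data):
    """True if the given file contents hash to the report's SHA256."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Matches "src:port -> dst:port" in the constructed log format above.
CONN_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def find_c2_connections(log_lines, cfg):
    """Return (line_no, src_ip, dst_ip, dst_port) for lines hitting a configured C2 host:port."""
    c2 = set(cfg.c2)
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = CONN_RE.search(line)
        if m and (m.group(3), int(m.group(4))) in c2:
            hits.append((no, m.group(1), m.group(3), int(m.group(4))))
    return hits


def keylogger_path_regex(cfg):
    """Regex for the offline keylogger directory on disk. Assumption: %AppData%
    resolves to C:\\Users\\<user>\\AppData\\Roaming (the normal per-user profile)."""
    parts = [re.escape(p) for p in cfg.strings["keylogger_dir"].split("%AppData%")]
    pattern = r"C:\\Users\\[^\\]+\\AppData\\Roaming".join(parts)
    return re.compile(pattern, re.IGNORECASE)


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for hit in find_c2_connections(SAMPLE_FIREWALL_LOG, cfg):
        print("C2 contact:", hit)
    print("keylogger dir pattern:", keylogger_path_regex(cfg).pattern)
```

Matching on host and port together is deliberate: the fourth constructed line goes to the same IP on port 80 and is not flagged, because only 3364 and 3368 are in the extracted config. Drop the port check when hunting more broadly, since the sandbox only saw what this one build was configured with.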
Targets
Target: Proof of Payment.exe
Size: 1.0MB
MD5: 5ab8ebf954dd5d4a6245fb017314d154
SHA1: b1ae64f01b425f03cd3b8d14783fcf8ad3e8e927
SHA256: 05e7ca50d56d74090b76bde141a5decb07f2fe2d8f564bed1ba814ab4cb4ddf4
SHA512: 0f93b6f24eaf94c3ce97bf6e8dd5c2ec326f85a1b7e2101029d674963baa33a0fa34ad359b01b33a30ef4e1a0eca5373b3b8fe82c50ac786087239f01cc4443f
- NetWire RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

Note: registry_autorun is false in the extracted config, so the Run key observed in the behavioral task is presumably written by the dropper stage (the same run executes a dropped EXE and loads a dropped DLL) rather than by the NetWire payload's own persistence option. SetThreadContext on another process's thread is the usual sign of process injection or hollowing, which fits the dropped-EXE chain delivering the final payload.