General
Target: Details.exe
Size: 123KB
Sample: 211018-nmp36aeden
MD5: a6d253e02a22e26939f3d775ee1127cd
SHA1: a8e827a9c4916a4b85e5e783764173df0dadd116
SHA256: 61722636c5cad31d212e7ea1da55d4fde3a7e93fc46f81484dd7597a684a8164
SHA512: dc13d3e6a721cc2673663d0b70fcae92ed2316f4b247039dcdf8e6312a0525fc14209c4c1f860da3d04939095f1f7a912d60b20f0242dbf6ff95bc341eaada82
Static task: static1
Behavioral task: behavioral1
  Sample: Details.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Details.exe
  Resource: win10-en-20211014
Malware Config
Extracted
netwire
213.152.162.181:5133
184.75.221.171:5133
199.249.230.27:5133
185.103.96.143:5133
185.104.184.43:5133
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir:
lock_executable: true
mutex: SeDCqQtm
offline_keylogger: false
password: Password
registry_autorun: false
startup_name:
use_mutex: true
Targets
Target: Details.exe
Score: 10/10
NetWire RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext