General
Target: Document.exe
Size: 1.1MB
Sample: 211020-pxcfgshhhm
MD5: aff627753fddc208e8610d54b0f4be65
SHA1: fc5ba331a20f2cd34d184b12f8c28445146866ec
SHA256: 6814190b4099c532caabe663df73d8ee0c7d70b55db3c69c56eefc1dc1d162f5
SHA512: 171d0eab964de449db860c7a89cf8fc07ad4e536c56762bdff1297146581bb63e4047aa1f241b4263f4dd83662538b231d77aa25015e1b60fee01805d1819bc1
Static task: static1
Behavioral task: behavioral1
Sample: Document.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Document.exe
Resource: win10-en-20210920
Malware Config
Extracted
netwire
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: 5056
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: Document.exe
Score: 10/10
NetWire RAT payload
Adds Run key to start application