General
-
Target
Qamhwewajfobdwckfaugfgmgprjttcibln.exe
-
Size
686KB
-
Sample
211022-xdjpfschfp
-
MD5
585cc23f62a61f05e84eca1ccd6655aa
-
SHA1
1c4df25e54798382f052223a3da32693b0f2f9da
-
SHA256
967143d314abcb1ad4cab1133dc0b296ae38580511b9cd412fdf3a7c282160e9
-
SHA512
aa8b0b524f6fbd98a547e2a5a8ad293157884e14ad0e1b698230a36d77804ab32851949c2cd52ae2778b8bc39898a587f8e733c1e6b9f98792ad6769795d5e73
Static task
static1
Behavioral task
behavioral1
Sample
Qamhwewajfobdwckfaugfgmgprjttcibln.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Qamhwewajfobdwckfaugfgmgprjttcibln.exe
Resource
win10-en-20211014
Malware Config
Extracted
netwire
139.28.38.235:6080
-
activex_autorun
false
-
activex_key
(empty)
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
(empty)
-
keylogger_dir
(empty)
-
lock_executable
true
-
mutex
idkKpqiV
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
startup_name
(empty)
-
use_mutex
true
Targets
-
-
Target
Qamhwewajfobdwckfaugfgmgprjttcibln.exe
-
Size
686KB
-
MD5
585cc23f62a61f05e84eca1ccd6655aa
-
SHA1
1c4df25e54798382f052223a3da32693b0f2f9da
-
SHA256
967143d314abcb1ad4cab1133dc0b296ae38580511b9cd412fdf3a7c282160e9
-
SHA512
aa8b0b524f6fbd98a547e2a5a8ad293157884e14ad0e1b698230a36d77804ab32851949c2cd52ae2778b8bc39898a587f8e733c1e6b9f98792ad6769795d5e73
Score
10/10
-
NetWire RAT payload
-
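Adds Run key to start application (observed sandbox behavior; the extracted NetWire config lists registry_autorun as false, so the config alone does not account for this persistence)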
-