General
Target: d058c6416284f291d6bc7e183293da1f.exe
Size: 877KB
Sample: 220114-r9bqtsgge9
MD5: d058c6416284f291d6bc7e183293da1f
SHA1: 9fe97ad0c11997b7c0ca5a43aff43cc8bdb915b6
SHA256: c47c4a57e7521c6886ca3764b32ad1e5d8669f2fbf6b127fe7a832f1f3b74ec5
SHA512: 13f733fc99e5faeb274dd1480620194e88be23d70fdc108c3846cf471760a21ac8606364ed930a187b62ebedc25124488cb0557d1ced271af982d50f52fc25cd
Static task: static1
Behavioral task: behavioral1
Sample: d058c6416284f291d6bc7e183293da1f.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: d058c6416284f291d6bc7e183293da1f.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
netwire
podzeye.duckdns.org:6688
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: d058c6416284f291d6bc7e183293da1f.exe
NetWire RAT payload
Suspicious use of SetThreadContext