General
Target: 87efbad587461f5d3399ef055ed043f137b77aa243189b334e6cc1292bce7dfd
Size: 89KB
Sample: 220216-3z456sfghl
MD5: 6c096936f83eb2c78845151dd718397e
SHA1: e19a91ae5c5a3f0c1e11d178fac818730608c3c7
SHA256: 87efbad587461f5d3399ef055ed043f137b77aa243189b334e6cc1292bce7dfd
SHA512: 28952766ec8beb3a6c9e0ff3fa68644540c407c446319146694aa45fc517686952234afac9be71cc19c99f5a7dbb46489301f830643d6795f15ce61db54c09a7
Behavioral task
behavioral1
Sample: 87efbad587461f5d3399ef055ed043f137b77aa243189b334e6cc1292bce7dfd.exe
Resource: win7-en-20211208
Malware Config
Extracted
netwire
uploadp3p.publicvm.com:4004
systool.sytes.net:4004
activex_autorun: false
activex_key:
copy_executable: true
delete_original: false
host_id: Monday-%Rand%
install_path: %AppData%\WinRAR\systmon.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: tjsOdMRv
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: true
Targets
NetWire RAT payload
Executes dropped EXE
Loads dropped DLL