General
Target: d2091abba8c6725d31c3119393232ba84ece78d0a2cba338a9d5d0e9febcfce9
Size: 983KB
Sample: 220520-d6snaaaghm
MD5: 7d3808864afc7f49f0ea9bf1a7a0c66a
SHA1: a4817d5b8bbae8539218a21bf749446da2ab573b
SHA256: d2091abba8c6725d31c3119393232ba84ece78d0a2cba338a9d5d0e9febcfce9
SHA512: f70c28c29e52879f67835ff681e7af9c1dcfd3d526e1efe962c60d1a3fc1875511b81c26874b64632d2e80fc88ad973b2c88a030816e05fb8f1026b267b319ff
Static task: static1
Behavioral task: behavioral1
Sample: d2091abba8c6725d31c3119393232ba84ece78d0a2cba338a9d5d0e9febcfce9.exe
Resource: win7-20220414-en
Malware Config
Extracted
netwire
pd1n.ddns.net:1968
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: pd1n-noip
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: Kimbolsapoq!P12
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: d2091abba8c6725d31c3119393232ba84ece78d0a2cba338a9d5d0e9febcfce9
- NetWire RAT payload
- Drops startup file
- Suspicious use of SetThreadContext