General
Target: b8d5d12dc7dd328e89b1d4acf0e6de974e8fe11c89acac4f216d64a7e10d7eab
Size: 394KB
Sample: 220520-qmd21adfb5
MD5: f43078ecc500ddddbfec94ad843f9278
SHA1: bb8d9d4628b8e92e43182149421f77b011018785
SHA256: b8d5d12dc7dd328e89b1d4acf0e6de974e8fe11c89acac4f216d64a7e10d7eab
SHA512: 2a4c1b7bb4fe0c86ef66b1ba2cdedf235eb3f0ec3bcd705d3b03a7a3f87a70a17aff26d77be82171835648baa38f155d4b9daea34d279fb2858cde49db2d1c5c

Static task: static1
Behavioral task: behavioral1
Sample: Bounced Cheque.exe
Resource: win7-20220414-en

Malware Config
Extracted
netwire
iphanyi.duckdns.org:3360
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: SMS_Group
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: caster123
registry_autorun: false
startup_name:
use_mutex: false

Targets
Target: Bounced Cheque.exe
Size: 745KB
MD5: d0e7b058e35b998134e771b24f534b07
SHA1: 9711b4478564484da540866df48c117f9d96fd4f
SHA256: 249e738650027df7635aa70373e2e2f936eb58e1a208fdc8df9ee2f66e4cb9e3
SHA512: 7f1b2c67f375a6225754a65eba3bcaed355672553265d70e16c0da4fbbd81c27a07d728f4cfccb1458a7d75061aa8b0d562db8e0f58fb03b82fdd671534ad506
NetWire RAT payload
Suspicious use of SetThreadContext