General
-
Target
55bbd2340d906fdf793f26e92a939659d98b759ed0f1e3d0a0761783e82ef1d1
-
Size
741KB
-
Sample
220521-w26nfsagd5
-
MD5
de692780361d7921220b1c1afe210f2e
-
SHA1
e787ebca13fc7d1514bdaa9abfc82751dad75106
-
SHA256
55bbd2340d906fdf793f26e92a939659d98b759ed0f1e3d0a0761783e82ef1d1
-
SHA512
6ff0615556fcf517a896c8486ec20a2e93891d534c9c13f7ffe641456ba00d33fcbc61c21cf88dff7d09af21a9a686d7e3cf9be8c0591a065ff26e061e243c65
Static task
static1
Behavioral task
behavioral1
Sample
?????? ???????.exe
Resource
win7-20220414-en
Malware Config
Extracted
netwire
justhungry.theworkpc.com:3367
-
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: test
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: true
mutex: rXrItmjS
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: true
Targets
-
-
Target
?????? ???????.pif
-
Size
1.1MB
-
MD5
078e87a6f5ff6b6b704a123fc7214472
-
SHA1
b2e08a685ef595582d7b3579066ba5172ae97293
-
SHA256
cf3b59c22659d7931cf9d0338d57af01d63fbb8363ebc4c86be884194ef62e40
-
SHA512
5da4e95e827ce1a34f5d04da9699395853d6f2f8ec3ce951ed9b0caa0820686e98d3c31ed833d71158da27109f44645a2f834f334691fd4a7a53ce23caebd21f
-
NetWire RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-