General
-
Target
35cd99038d9f9a51abcd92e8117746ab2b0b9c591559c298c062178c28ec64d8
-
Size
924KB
-
Sample
220626-2zkk4afgf7
-
MD5
65d5a259fe75b5425640448c01e84c4c
-
SHA1
545c7343d17d4073831ab11e5d2c5d3c8c28b401
-
SHA256
35cd99038d9f9a51abcd92e8117746ab2b0b9c591559c298c062178c28ec64d8
-
SHA512
30a47195e4b6534dc9e273553bd5f63cc0636851c7d82de74695b75b61bc0d851d64c6cbfa33ec00dc37f30482aef2fc15cd70cf15bc767bc65f17a8fc88b608
Static task
static1
Behavioral task
behavioral1
Sample
35cd99038d9f9a51abcd92e8117746ab2b0b9c591559c298c062178c28ec64d8.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
35cd99038d9f9a51abcd92e8117746ab2b0b9c591559c298c062178c28ec64d8.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
netwire
ASKJHDASKDHSHTD.RU:6971
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
mutex
mqIhDWwE
-
offline_keylogger
false
-
password
ppF7"oRyqm
-
registry_autorun
false
-
use_mutex
true
Targets
-
Target
35cd99038d9f9a51abcd92e8117746ab2b0b9c591559c298c062178c28ec64d8
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-