General
Target: 35b413a07799e09cb15307cee104ce558af8903e7055a194ae7558b074ae7535
Size: 167KB
Sample: 220626-3bxq7agdc6
MD5: cf6d655cb1b435d8c90273d8ce809596
SHA1: 5ff8a88942be813ce51d384defd375c6ff5ebbed
SHA256: 35b413a07799e09cb15307cee104ce558af8903e7055a194ae7558b074ae7535
SHA512: 1ab0257091bc562cac65effbc2fb670238c4248534dce6a9bf9b4b2457dbc388184b2aa9deaf7e9f430f022cf0d5eb37c0dee384e44e490b39257c3607d9df1e
Static task: static1
Behavioral task: behavioral1
Sample: 35b413a07799e09cb15307cee104ce558af8903e7055a194ae7558b074ae7535.exe
Resource: win7-20220414-en
Malware Config
Extracted
netwire
fingers1.ddns.net:3360
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: 35b413a07799e09cb15307cee104ce558af8903e7055a194ae7558b074ae7535
- NetWire RAT payload
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext