General
Target: b7a30ea935dcedf1660abc389fcdf688.exe
Size: 6.8MB
Sample: 220626-ey8vzaabf7
MD5: b7a30ea935dcedf1660abc389fcdf688
SHA1: 55e8e239d2a711aba9981433da6f6a7cc9b33bd4
SHA256: 3608b5a274c096c7603b66f5a592353581b0df20f9d51e49b79fa99e632a002f
SHA512: d90b4f59af7ae2b60f8010e3a872c34e9498dc965c3163706229681afb3040026a053442fb0bb48c30e29dd79a9b8c0a422100385b492dc5d66d1841fc866787
Static task: static1
Behavioral task: behavioral1
Sample: b7a30ea935dcedf1660abc389fcdf688.exe
Resource: win7-20220414-en
Malware Config
Extracted
netwire
newchines.giize.com:1804
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: b7a30ea935dcedf1660abc389fcdf688.exe
NetWire RAT payload
Drops startup file
Suspicious use of SetThreadContext