General
Target: 356936ca6bf11de9e829bb920bc8e12aa52c14a71a37821b7f007a47e254850a
Size: 743KB
Sample: 220627-alcjsagagp
MD5: 292304c0aa42f780346ffd92738a5672
SHA1: 74f3c57318063a9f3eb4793209eb4d4b97c3a0b9
SHA256: 356936ca6bf11de9e829bb920bc8e12aa52c14a71a37821b7f007a47e254850a
SHA512: e107e47f769f7ab8a3047450d0e57ad60be333a8210315aa7c5e3b89659e18134b939a68eb6b63e1cd14d1128671c872d6baf95865aa524fe31386f0836e58fc
Static task: static1
Behavioral task: behavioral1
  Sample: 356936ca6bf11de9e829bb920bc8e12aa52c14a71a37821b7f007a47e254850a.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 356936ca6bf11de9e829bb920bc8e12aa52c14a71a37821b7f007a47e254850a.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: netwire
C2 host:port: emybago.ddns.net:1026
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%EB%
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: vhSUEBhn
offline_keylogger: true
password: emyba19
registry_autorun: false
use_mutex: true
Targets
Target: 356936ca6bf11de9e829bb920bc8e12aa52c14a71a37821b7f007a47e254850a
Size: 743KB
MD5: 292304c0aa42f780346ffd92738a5672
SHA1: 74f3c57318063a9f3eb4793209eb4d4b97c3a0b9
SHA256: 356936ca6bf11de9e829bb920bc8e12aa52c14a71a37821b7f007a47e254850a
SHA512: e107e47f769f7ab8a3047450d0e57ad60be333a8210315aa7c5e3b89659e18134b939a68eb6b63e1cd14d1128671c872d6baf95865aa524fe31386f0836e58fc
Score: 10/10
Signatures:
- NetWire RAT payload
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
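The extracted configuration and the behavioural signatures above are directly usable as hunting indicators. The following Python is an added example, not part of the sandbox report and not NetWire or sandbox tooling: it turns the page's config values (C2 host and port, mutex, keylogger directory) and the reported behaviours (a vbc.exe child process, a Run key write, a SetThreadContext call) into match rules and runs them over a few constructed telemetry lines in a simple "kind key=value ..." format. The telemetry lines, the resolved address 203.0.113.7, the user profile path and the Run value name "Updater" are constructed for illustration; the page gives neither the actual Run key value (note that the extracted config has registry_autorun false while the behavioural signature reports a Run key being added) nor the address the C2 hostname resolved to, so the Run rule matches on the key path only.

```python
"""Hunting rules built from the NetWire config and signatures on this page.

Added example, not the sandbox's or NetWire's own code. Telemetry lines,
the resolved IP, the user path and the Run value name are constructed.
"""
import re
from typing import Dict, List, Tuple

# Config values copied from the extracted NetWire config above.
NETWIRE_CONFIG = {
    "c2": "emybago.ddns.net:1026",
    "use_mutex": True,
    "mutex": "vhSUEBhn",
    "offline_keylogger": True,
    "keylogger_dir": "%AppData%\\Logs\\",
    "registry_autorun": False,
}

# %AppData% is matched as a path suffix so any profile root (C:\Users\<x>) works.
ENV_SUFFIX = {"%AppData%": "\\AppData\\Roaming"}


def indicators(cfg: Dict) -> Dict[str, object]:
    """Derive normalised, case-folded indicators from an extracted config."""
    host, _, port = cfg["c2"].rpartition(":")
    ind: Dict[str, object] = {"c2_host": host.lower(), "c2_port": int(port)}
    if cfg.get("use_mutex"):
        ind["mutex"] = cfg["mutex"]
    if cfg.get("offline_keylogger"):
        d = cfg["keylogger_dir"]
        for var, suffix in ENV_SUFFIX.items():
            d = d.replace(var, suffix)
        ind["keylogger_dir"] = d.rstrip("\\").lower()  # \appdata\roaming\logs
    return ind


KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Tuple[str, Dict[str, str]]:
    """Split 'kind key=value key=value' into (kind, fields)."""
    kind, _, rest = line.partition(" ")
    return kind, dict(KV.findall(rest))


def match_events(lines: List[str], ind: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (rule_name, line) for every telemetry line that hits an indicator."""
    hits = []
    for line in lines:
        kind, f = parse_event(line)
        if kind == "dns" and f.get("query", "").lower().rstrip(".") == ind["c2_host"]:
            hits.append(("netwire_c2_dns", line))
        elif (kind == "netconn" and f.get("port") == str(ind["c2_port"])
              and f.get("host", "").lower() == ind["c2_host"]):
            hits.append(("netwire_c2_connect", line))
        elif kind == "mutex" and f.get("name") == ind.get("mutex"):
            hits.append(("netwire_mutex", line))
        elif kind == "file" and "keylogger_dir" in ind:
            directory = f.get("path", "").lower().rsplit("\\", 1)[0]
            if directory.endswith(str(ind["keylogger_dir"])):
                hits.append(("netwire_keylog_write", line))
        elif kind == "process" and f.get("image", "").lower().endswith("\\vbc.exe"):
            hits.append(("vbc_child_process", line))  # "Uses the VBS compiler for execution"
        elif kind == "registry" and f.get("key", "").lower().endswith("\\currentversion\\run"):
            hits.append(("run_key_persistence", line))  # "Adds Run key to start application"
        elif kind == "api" and f.get("name") == "SetThreadContext":
            hits.append(("setthreadcontext", line))  # from an API trace, not ordinary EDR logs
    return hits


# Constructed telemetry: four benign-looking lines mixed in with the expected hits.
TELEMETRY = [
    "dns query=emybago.ddns.net",
    "netconn host=emybago.ddns.net port=1026 dst=203.0.113.7",
    "mutex name=vhSUEBhn",
    "file op=write path=C:\\Users\\alice\\AppData\\Roaming\\Logs\\2022-06-27.log",
    "process image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
    "registry op=set key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=Updater",
    "api name=SetThreadContext",
    "dns query=example.com",
    "mutex name=Local\\SomeOtherApp",
    "file op=write path=C:\\Users\\alice\\AppData\\Roaming\\Other\\notes.txt",
]


def matched_rules(lines: List[str] = TELEMETRY, cfg: Dict = NETWIRE_CONFIG) -> List[str]:
    return [rule for rule, _ in match_events(lines, indicators(cfg))]


if __name__ == "__main__":
    for rule, line in match_events(TELEMETRY, indicators(NETWIRE_CONFIG)):
        print(f"{rule:22} {line}")
```

The vbc.exe, Run key and SetThreadContext rules are generic and will fire on legitimate .NET builds, installers and debuggers; they are useful as corroboration next to the config-derived rules (C2 host, mutex, keylogger directory), which are specific to this sample's configuration.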