General

Target: 3f7e5239a328af7e3865e8340d40a892748da42c5f1343264d173f1b9f7d51d2
Size: 245KB
Sample: 220701-bs6xmsecal
MD5: 0eee0f4cc5461af94ac39590ea0b8ac9
SHA1: 9072cb614aef5c9c2d38d2846bb3c625a9f65ecb
SHA256: 3f7e5239a328af7e3865e8340d40a892748da42c5f1343264d173f1b9f7d51d2
SHA512: 2e926acde54ef8bf3f4ad0cb21ed6487c614fdee49be63190a9a8436db54d8d9df617ad2babf886df5af8ecb056e6b54d97e2d4ab43d11d5978748be8e8cb1ec
Static task: static1
Behavioral task: behavioral1
  Sample: 3f7e5239a328af7e3865e8340d40a892748da42c5f1343264d173f1b9f7d51d2.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3f7e5239a328af7e3865e8340d40a892748da42c5f1343264d173f1b9f7d51d2.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: netwire
C2: netzirecolq.gleeze.com:3372
activex_autorun: true
activex_key: {ILC0D6DW-314A-58FX-3U05-C35QOA66D730}
copy_executable: false
delete_original: true
host_id: 3372
keylogger_dir: %AppData%\Logs\
lock_executable: true
mutex: fCnYKSgn
offline_keylogger: true
password: 10203010Aa
registry_autorun: true
startup_name: Defender
use_mutex: true
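The extracted config above is the raw material for host and network detections: the C2 host and port, the Run value name, the Active Setup GUID and the keylogger directory each map to an observable event. The following is an added example, not part of the sandbox report, that turns those values into matching logic and runs it over a handful of constructed Sysmon-style event records. It assumes that the activex_key is written under `HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\` (the mechanism the "Modifies Installed Components in the registry" signature on this page refers to), that `%AppData%` expands to `<profile>\AppData\Roaming`, and a simplified event shape; the event records and the `classify`/`scan` helpers are constructed for this example.

```python
"""Added example (not from the sandbox report): match the extracted NetWire
config against Sysmon-style host events. Event records are constructed."""
import re

# Values copied from the extracted config on this page.
NETWIRE_CONFIG = {
    "c2_host": "netzirecolq.gleeze.com",
    "c2_port": 3372,
    "activex_key": "{ILC0D6DW-314A-58FX-3U05-C35QOA66D730}",
    "startup_name": "Defender",
    "keylogger_dir": "%AppData%\\Logs\\",
    "mutex": "fCnYKSgn",  # not visible in Sysmon; listed for completeness
}

# Assumption: the Run value lands under CurrentVersion\Run and the activex
# autorun writes a StubPath under Active Setup\Installed Components\{GUID}.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
ACTIVE_SETUP_RE = re.compile(r"\\Active Setup\\Installed Components\\", re.I)


def keylogger_dir_fragment(cfg):
    """Turn '%AppData%\\Logs\\' into the fragment 'AppData\\Roaming\\Logs' that
    shows up in a real on-disk path (%AppData% expands to <profile>\\AppData\\Roaming)."""
    return cfg["keylogger_dir"].replace("%AppData%", "AppData\\Roaming").rstrip("\\")


def classify(event, cfg=NETWIRE_CONFIG):
    """Return the indicator names a single event matches (empty list if none)."""
    hits = []
    kind = event.get("type")
    if kind == "network":
        if (event.get("dest_host", "").lower() == cfg["c2_host"]
                and event.get("dest_port") == cfg["c2_port"]):
            hits.append("c2_connection")
    elif kind == "dns":
        if event.get("query", "").lower() == cfg["c2_host"]:
            hits.append("c2_dns_lookup")
    elif kind == "registry":
        target = event.get("target", "")
        # Run value name must equal startup_name, not just live under Run.
        if RUN_KEY_RE.search(target) and target.rsplit("\\", 1)[-1] == cfg["startup_name"]:
            hits.append("run_key_autorun")
        if ACTIVE_SETUP_RE.search(target) and cfg["activex_key"].lower() in target.lower():
            hits.append("active_setup_autorun")
    elif kind == "file":
        if keylogger_dir_fragment(cfg).lower() in event.get("path", "").lower():
            hits.append("keylogger_log_write")
    return hits


def scan(events, cfg=NETWIRE_CONFIG):
    """Map event index -> matched indicators, omitting events with no match."""
    result = {}
    for i, ev in enumerate(events):
        hits = classify(ev, cfg)
        if hits:
            result[i] = hits
    return result


# Constructed sample events; shape loosely follows Sysmon EIDs 22, 3, 13 and 11.
SAMPLE_EVENTS = [
    {"type": "dns", "image": "C:\\Users\\u\\sample.exe",
     "query": "netzirecolq.gleeze.com"},
    {"type": "network", "image": "C:\\Users\\u\\sample.exe",
     "dest_host": "netzirecolq.gleeze.com", "dest_port": 3372},
    {"type": "registry",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Defender"},
    {"type": "registry",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
               "{ILC0D6DW-314A-58FX-3U05-C35QOA66D730}\\StubPath"},
    {"type": "file", "path": "C:\\Users\\u\\AppData\\Roaming\\Logs\\2022-07-01"},
    # Benign noise: a legitimate Run value and an unrelated outbound connection.
    {"type": "registry",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"},
    {"type": "network", "dest_host": "example.com", "dest_port": 443},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["type"], hits)
```

Matching on the exact Run value name and the exact GUID keeps the rules tight to this sample; the C2 hostname and port are the parts an operator rotates first, so treat the host and registry indicators as the more durable half of the set.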
Targets

Target: 3f7e5239a328af7e3865e8340d40a892748da42c5f1343264d173f1b9f7d51d2
Size: 245KB
MD5: 0eee0f4cc5461af94ac39590ea0b8ac9
SHA1: 9072cb614aef5c9c2d38d2846bb3c625a9f65ecb
SHA256: 3f7e5239a328af7e3865e8340d40a892748da42c5f1343264d173f1b9f7d51d2
SHA512: 2e926acde54ef8bf3f4ad0cb21ed6487c614fdee49be63190a9a8436db54d8d9df617ad2babf886df5af8ecb056e6b54d97e2d4ab43d11d5978748be8e8cb1ec
Score: 10/10

NetWire RAT payload
Modifies Installed Components in the registry
Adds Run key to start application
Suspicious use of SetThreadContext