General
-
Target
3f417cc402322ac8717f904400b28d6cd169b133e521a6dd677e3ca441088604
-
Size
496KB
-
Sample
220701-cnj3rafgem
-
MD5
3160a283284befd2f59cce3be5341e75
-
SHA1
1809a6d9c10bbce9b46664d47489995f8940f615
-
SHA256
3f417cc402322ac8717f904400b28d6cd169b133e521a6dd677e3ca441088604
-
SHA512
43abc8066702adddc0b7d2914f786b2daa8324ed3254c42a98907639302d9716063ebc6f48b427e064db6770df7f1716dcca2a8ff6534789aa69b0982378edb0
Static task
static1
Behavioral task
behavioral1
Sample
3f417cc402322ac8717f904400b28d6cd169b133e521a6dd677e3ca441088604.exe
Resource
win7-20220414-en
Malware Config
Extracted
Family: netwire
C2: fingers1.ddns.net:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
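offline_keylogger
true (keystrokes are logged to disk under keylogger_dir even when the C2 is unreachable, so that directory is a host artifact worth checking during triage)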
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
3f417cc402322ac8717f904400b28d6cd169b133e521a6dd677e3ca441088604
-
Size
496KB
-
MD5
3160a283284befd2f59cce3be5341e75
-
SHA1
1809a6d9c10bbce9b46664d47489995f8940f615
-
SHA256
3f417cc402322ac8717f904400b28d6cd169b133e521a6dd677e3ca441088604
-
SHA512
43abc8066702adddc0b7d2914f786b2daa8324ed3254c42a98907639302d9716063ebc6f48b427e064db6770df7f1716dcca2a8ff6534789aa69b0982378edb0
-
NetWire RAT payload
-
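Drops startup file (a file is written to a Windows Startup folder, i.e. logon persistence; the extracted config has registry_autorun and copy_executable set to false, so this persistence probably comes from the loader stage rather than from NetWire's own settings)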
-
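Uses the VBS compiler for execution (this signature typically means vbc.exe, the .NET Framework Visual Basic compiler, was launched by the sample; it is usually started as a host process, not to compile anything)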
-
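Suspicious use of SetThreadContext (an API call characteristic of process injection or hollowing; read together with the compiler-launch signature above, it suggests the payload runs inside another process, so attribute the C2 traffic by process lineage rather than by image name alone)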
-