General
-
Target
3b00fdabb7752fe2915425f6bb7d2bf90e36611fac730c9deb194d079d08a2de
-
Size
716KB
-
Sample
220703-wq8zfadeb6
-
MD5
e704933324d92d41acc937844de96af2
-
SHA1
3d932cee05a86b2513aabf5b0ead5d317e287b7d
-
SHA256
3b00fdabb7752fe2915425f6bb7d2bf90e36611fac730c9deb194d079d08a2de
-
SHA512
bbc82468099c4cc8b69baf295f3b6256872ddb84fa31abdffabfefd91e4488e6f1594000cc67adf8e6c58bee15055a32106f3d326d035ccdf4d91593999cba50
Static task
static1
Behavioral task
behavioral1
Sample
3b00fdabb7752fe2915425f6bb7d2bf90e36611fac730c9deb194d079d08a2de.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3b00fdabb7752fe2915425f6bb7d2bf90e36611fac730c9deb194d079d08a2de.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
netwire
79.134.225.120:8765
-
activex_autorun
true
-
activex_key
{7XOS4W0K-H4LE-56X7-UJ07-L110BJ4GFYE8}
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
win01
-
use_mutex
false
Targets
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-