General
-
Target
5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
-
Size
374KB
-
Sample
220731-1v2hdaaaf7
-
MD5
9d5c47402efe9b9cfdf9e75d93d0f35f
-
SHA1
ed32b8730cffa1a3a6e27f5a5e6273d69c9f7ac5
-
SHA256
5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
-
SHA512
ab350091a7b2dd20bf91bfa241b54ac9f7d9668c53ddcfffabb2465817563de2f3ac8bb9ec3f33895636a6ef2108f748d19693ea325a80933b4ae9c902874fe2
Static task
static1
Behavioral task
behavioral1
Sample
5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23.exe
Resource
win7-20220715-en
Malware Config
Extracted
Family
netwire
-
C2
fingers1.ddns.net:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
-
Size
374KB
-
MD5
9d5c47402efe9b9cfdf9e75d93d0f35f
-
SHA1
ed32b8730cffa1a3a6e27f5a5e6273d69c9f7ac5
-
SHA256
5ded0821335f676cc6ebe00711e0ec55297efe5d88468f7814b6241e16b0cb23
-
SHA512
ab350091a7b2dd20bf91bfa241b54ac9f7d9668c53ddcfffabb2465817563de2f3ac8bb9ec3f33895636a6ef2108f748d19693ea325a80933b4ae9c902874fe2
-
NetWire RAT payload
-
Drops startup file
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-