General
-
Target
5da6dff2248cf6fec4ede040663954ee2bdf5c09652e5add2f02bf9c0d8605c8
-
Size
1.2MB
-
Sample
220731-2rwndsbff2
-
MD5
304eb58c898b65eda2d31390a34566b6
-
SHA1
e04ead8d3c7b08df225b9238a2eeadbae38c71b0
-
SHA256
5da6dff2248cf6fec4ede040663954ee2bdf5c09652e5add2f02bf9c0d8605c8
-
SHA512
ce87242f0aaf9a0e171892a2221945c9b3f74c6951b95bf4a0aa04caad90327a56a52c3ecb4b1e764b6daced231e2c1492fce07dc84588a70aae9f7f19577305
Static task
static1
Behavioral task
behavioral1
Sample
5da6dff2248cf6fec4ede040663954ee2bdf5c09652e5add2f02bf9c0d8605c8.exe
Resource
win7-20220718-en
Malware Config
Extracted
netwire
79.134.225.73:1968
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
pd1n9
-
lock_executable
false
-
mutex
KHAtGUwc
-
offline_keylogger
false
-
password
Kimbolsapoq!P13
-
registry_autorun
false
-
use_mutex
true
Targets
-
Target
5da6dff2248cf6fec4ede040663954ee2bdf5c09652e5add2f02bf9c0d8605c8
-
NetWire RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-