General
-
Target
e8fdf11abbe99931a8bdd989a3dd59b0ca0bd3cd9eaf8868c973edfa1ff47aa8
-
Size
664KB
-
Sample
220731-hbsr1scgg2
-
MD5
96d9b8339df538ec53818d2d2a6542f5
-
SHA1
0afa566cf2b68389b2026928a6184c76acd0cc8a
-
SHA256
e8fdf11abbe99931a8bdd989a3dd59b0ca0bd3cd9eaf8868c973edfa1ff47aa8
-
SHA512
fb8c31ee839bf2b9c1184e0283a757598a072e04f830720a8afc2445dc6319dbec360642642793d87d71b9f64d1554905e33d4a5511f600b96098ac24ced9d37
Static task
static1
Behavioral task
behavioral1
Sample
e8fdf11abbe99931a8bdd989a3dd59b0ca0bd3cd9eaf8868c973edfa1ff47aa8.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
e8fdf11abbe99931a8bdd989a3dd59b0ca0bd3cd9eaf8868c973edfa1ff47aa8.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
netwire
79.134.225.120:8765
-
activex_autorun
true
-
activex_key
{7XOS4W0K-H4LE-56X7-UJ07-L110BJ4GFYE8}
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
win01
-
use_mutex
false
Targets
-
Target
e8fdf11abbe99931a8bdd989a3dd59b0ca0bd3cd9eaf8868c973edfa1ff47aa8
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-