General
-
Target
d402af49869d5c73ef8de468034982cabc9c44e0c016b66b62060be338555ecc
-
Size
1.1MB
-
Sample
220731-nskqmafdbm
-
MD5
08c8ec550d3a7f85948bbcf5b9690ad1
-
SHA1
3073cb36d545bd0402be66bf375e3287e1d72361
-
SHA256
d402af49869d5c73ef8de468034982cabc9c44e0c016b66b62060be338555ecc
-
SHA512
f6d436ea7b13b90cd3b4f73a624d80cc7edcaab2352e5e04da41cfc7d3dc76cc559a485f8154c9bdbec3469aebdece4ad969e461d59ddf2c87b94fcd3d89e276
Static task
static1
Behavioral task
behavioral1
Sample
d402af49869d5c73ef8de468034982cabc9c44e0c016b66b62060be338555ecc.exe
Resource
win7-20220718-en
Malware Config
Extracted
netwire
79.134.225.73:1968
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
pd1n9
-
lock_executable
false
-
mutex
KHAtGUwc
-
offline_keylogger
false
-
password
Kimbolsapoq!P13
-
registry_autorun
false
-
use_mutex
true
Targets
-
Target
d402af49869d5c73ef8de468034982cabc9c44e0c016b66b62060be338555ecc
-
NetWire RAT payload
-
Drops startup file
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext