General
-
Target
8cb4f73c105e9452489e60e13744cd6bdaee96010b592ce52737fdd7f4c7af0c
-
Size
1.2MB
-
Sample
220731-nsnsaafdbp
-
MD5
06c700571d428707b14fad37f0b45536
-
SHA1
13631bf381cb5db9d3fcf4b23fd4f7454c6780e4
-
SHA256
8cb4f73c105e9452489e60e13744cd6bdaee96010b592ce52737fdd7f4c7af0c
-
SHA512
4335eb288d42791c807c47d33be1bdfdd9bb95a5d1262a7c2b6a7d18d762645aa6a69cd82cbbe1bbb4cf390b6b0cd760047449ca302d434313c3977c14276e7e
Static task
static1
Behavioral task
behavioral1
Sample
8cb4f73c105e9452489e60e13744cd6bdaee96010b592ce52737fdd7f4c7af0c.exe
Resource
win7-20220715-en
Malware Config
Extracted
netwire
79.134.225.73:1968
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
pd1n9
-
lock_executable
false
-
mutex
KHAtGUwc
-
offline_keylogger
false
-
password
Kimbolsapoq!P13
-
registry_autorun
false
-
use_mutex
true
Targets
NetWire RAT payload
-
Drops startup file
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext