General
Target: PO -002784.xlsx
Size: 110KB
Sample: 220802-wdevtsagck
MD5: cbcfc683f542c0cb7801ad70ce218b78
SHA1: dd2cade0bff6cf73167be9679ea1cce1297cbaeb
SHA256: 8f34a51b15fbfdb665e6593b46c0489072c05dd791f3dab1b0c30b44bb39a7fb
SHA512: 896df789768cbcf1283f10463342b59ff016ae36ecdc668a5838cc403ba086b3c965d1ccbd2c3e36e017e5b84ca8055ccf7ea5297998c9f88b9c1fb762dfa4be
Static task: static1
Behavioral task: behavioral1
  Sample: PO -002784.xlsx
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: PO -002784.xlsx
  Resource: win10v2004-20220721-en
Malware Config
Extracted: netwire
37.0.14.206:3384
activex_autorun: false
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
offline_keylogger: true
password: Password234
registry_autorun: false
use_mutex: false
Targets
Target: PO -002784.xlsx
- NetWire RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext