General
Target: Shipping Docs, Invoice and BL-INV-0382378772398.exe
Size: 831KB
Sample: 220812-rc8z3aeafn
MD5: bfe6fd15fb06a353dbab1a8dd166a66f
SHA1: eb20a2a67b4a5d8c0070abf3b29998b090368daf
SHA256: 3fe306342e65ca4ce26aebec3f28b9d5835ba64eb146ce5a9fdbc2662f993258
SHA512: b0769066a5a3613441f667b6367b7edcbb7dd4082da96709d6d476558f07155d45e6a54b9d4301704a9c0841f52fcbd88a627a852b4d2af1582beefc00240396
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Docs, Invoice and BL-INV-0382378772398.exe
Resource: win7-20220715-en
Malware Config
Extracted
netwire
xman2.duckdns.org:4433
xman2.duckdns.org:4411
xman2.duckdns.org:4422
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: Shipping Docs, Invoice and BL-INV-0382378772398.exe
NetWire RAT payload
Suspicious use of SetThreadContext