General
-
Target
c94a8c659cf201ee1de19fc9a95bd13abdb17eef4805b9546b7c54996f04dbf9
-
Size
657KB
-
Sample
220829-cjw7hsbbe3
-
MD5
0c8c56aeba6d889647f2ed68f7461ef0
-
SHA1
4e2da2d80922f254fc5d681b6ca4cf4fe35b5163
-
SHA256
c94a8c659cf201ee1de19fc9a95bd13abdb17eef4805b9546b7c54996f04dbf9
-
SHA512
b11f73cfe702544757ae662ea3410df57b466e50a9177c357e1df516e949de9b8114fc6ea9364cde8dcbe6283d9c3b1d76a427f39fa8472a3984d1150d5057f0
-
SSDEEP
12288:VCyKwhKlgghh9ejNbn5Y9KMf46aJjShRDACEkM2TgwFmki9bF:6wkyjNb5Y9KMgFoRREugCk
Static task
static1
Behavioral task
behavioral1
Sample
c94a8c659cf201ee1de19fc9a95bd13abdb17eef4805b9546b7c54996f04dbf9.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
185.140.53.61:3363
185.140.53.61:3365
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
move4ward
-
registry_autorun
false
-
use_mutex
false
Targets
-
Target
c94a8c659cf201ee1de19fc9a95bd13abdb17eef4805b9546b7c54996f04dbf9
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-