General
-
Target
12a763026430ddbe2a80d01377895f40db30eed6b64baef137cd951356a139c8
-
Size
573KB
-
Sample
220830-ft7yjsdch2
-
MD5
cdf56e4e1646d818b6a701f9261520dd
-
SHA1
76e6c822f33ec88a513683b95f681de3b6b31b3a
-
SHA256
12a763026430ddbe2a80d01377895f40db30eed6b64baef137cd951356a139c8
-
SHA512
7fa84fb107ff41143d01c017a0ff1ef5bd43d871b8437ff9b7f44c4410549d32f43e17e0f6a679ff3166ac043c6e628a4e64587304fe8ce2d9b744a6b29f0a6b
-
SSDEEP
12288:b5O61Ay5T82KBw2ORht0wmbvISQBymNb4gGhDU3PZFX:n+q8DBw1ht5wVQBymNb4gGG1
Static task
static1
Behavioral task
behavioral1
Sample
12a763026430ddbe2a80d01377895f40db30eed6b64baef137cd951356a139c8.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
185.140.53.144:3365
185.140.53.144:3363
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
London@1
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
12a763026430ddbe2a80d01377895f40db30eed6b64baef137cd951356a139c8
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-