General
Target: 9F6C57CAEDBA2A1CEED98F46FD78E324CDB7C064C6045.exe
Size: 1.0MB
Sample: 220902-z1kw5scdaq
MD5: 2fcc474f68240fa6cb334c3612292265
SHA1: 9b0e1a03ac1355dfaa9cefdf7274ee2a30acd92e
SHA256: 9f6c57caedba2a1ceed98f46fd78e324cdb7c064c60459e1c2467e3ce6b9eac8
SHA512: 4d90073ca8790130807a0696f3fa37deeab7165fa394a475147e4462e3a04abc6877e04448c810c5d934df99ba77ddc155af38a9c03f03305f6cfd39f02ac741
SSDEEP: 24576:zAHnh+eWsN3skA4RV1Hom2KXMmHaFlX+IwkqXdVfVM5:+h+ZkldoPK8YaFluguVc
Static task
static1
Behavioral task
behavioral1
Sample
9F6C57CAEDBA2A1CEED98F46FD78E324CDB7C064C6045.exe
Resource
win7-20220901-en
Malware Config
Extracted
netwire
dnsrezolver.ddns.net:36901
dnsrezolver.ddns.net:29163
dnsrezolver.ddns.net:57804
activex_autorun: false
copy_executable: false
delete_original: false
host_id: AutoIT=%Rand%
keylogger_dir: %AppData%\msn\
lock_executable: false
offline_keylogger: true
password: supermario@123
registry_autorun: false
use_mutex: false
Targets
Target
9F6C57CAEDBA2A1CEED98F46FD78E324CDB7C064C6045.exe
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-