General
Target: Dlt Template.scr
Size: 590KB
Sample: 220914-nnzzradggl
MD5: e3ceb848b672af6dd941b18dd773d514
SHA1: 1b8055a092d828a38ae9d74989dc43fc381c854a
SHA256: 71a260b79d48bfb8917050a14b955f79412846d10f1263ce3ad8ef14f8e07e04
SHA512: 5b669c7ef255294aad1182f96259b7584515f90b8a2f0ca3769ae85d644a3c8ec4e87459de6a6ff70af02fc8f86affe476beb0046146d8a3ea3158e27233053d
SSDEEP: 12288:9iGjtavmy2p2aY6DXaw2dXoTmSAHBsoV:r0aYxD9oTmdHBsG
Static task: static1
Behavioral task: behavioral1
Sample: Dlt Template.scr
Resource: win7-20220812-en
Malware Config
Extracted
netwire
iphanyi.edns.biz:3360
activex_autorun: false
copy_executable: false
delete_original: false
host_id: RDP_SEPT_2022
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: caster123
registry_autorun: false
use_mutex: false
Targets
Target: Dlt Template.scr
NetWire RAT payload
Suspicious use of SetThreadContext