General
Target: bad.SCR
Size: 590KB
Sample: 220914-www7tsegbr
MD5: b153afafb961cb048c9039106dae3998
SHA1: 7e460577f85b85b704bd8b109e8174de96231cb2
SHA256: b753b5997557c0cd4758e3731da45e07b2836fd2fd4bc3a7d5e575e98a083aba
SHA512: d7d71962bfb9b24582f1ce22866c74e12fbc386601337fd31896f50e03d965648941e34c2bcc7c4778ef55ff1fa37bc71d33b2fd6ba12ee3598a556ecd74cd38
SSDEEP: 12288:ggoFOvUY5bAjlrI4WnRNSUZoOkB8AqmzAKV:7vUMb4ryniPOMV
Static task: static1
Behavioral task: behavioral1
Sample: bad.scr
Resource: win7-20220812-en
Malware Config
Extracted
netwire
iphanyi.edns.biz:3360
activex_autorun: false
copy_executable: false
delete_original: false
host_id: RDP_SEPT_2022
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: caster123
registry_autorun: false
use_mutex: false
Targets
Target: bad.SCR
NetWire RAT payload
Suspicious use of SetThreadContext