General
Target: SLIP01.SCR.exe
Size: 590KB
Sample: 220915-ntek1agfcm
MD5: 525a97cd72d93754f7bf4ef3c9c291cf
SHA1: 4751f756e2eefbdf54147b5c5b7b178c226efbf2
SHA256: 09ecefeba092b02d99a1e113987c66c383d3c0a3f4d15bf1d87990200401ed6b
SHA512: 5f8d27387b4e2478d7074fc510dc483e909fbba6d8f717866f8fcc185f27a33b1c81a3da2f7131399236bbca34cb31da25c3619e9945c0f04f51859fa848b6e8
SSDEEP: 12288:hMJl4djkXtEoVLEeYOLu/fkwl5aY3IiB+5IV:2X+o1EeYfvZ2m
Static task: static1
Behavioral task: behavioral1
Sample: SLIP01.SCR.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
iphanyi.edns.biz:3360
activex_autorun: false
copy_executable: false
delete_original: false
host_id: RDP_SEPT_2022
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: caster123
registry_autorun: false
use_mutex: false
Targets
Target: SLIP01.SCR.exe
NetWire RAT payload
Suspicious use of SetThreadContext