General
Target: SMS Template & Paid Invoices.com.exe
Size: 590KB
Sample: 220915-nxbnhschf7
MD5: 73370756378e6f56b9d55fe4fc63bd1f
SHA1: 852b400fa89ba46ff6ec0a0d651e6ca4e9c85760
SHA256: 762917ae4ded0b505e288f8dbc4cb11e7dca42584c6a748d283083ebae3a1d94
SHA512: b3641c19f14c31cfa6242be55b0c02d58e3e131ce767dd48c0f7c418bb9bcf4045d49864e63073afb331a266a2f2dc557397fed0f9dd29c01b2ebf4fb0e78d4c
SSDEEP: 12288:2lXlHkL9YWw+9c71aVZ5PKBKWG+oS17RcV:8hWFfKBKWF17RC
Static task: static1
Behavioral task: behavioral1
Sample: SMS Template & Paid Invoices.com.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
iphanyi.edns.biz:3360
activex_autorun: false
copy_executable: false
delete_original: false
host_id: RDP_SEPT_2022
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: caster123
registry_autorun: false
use_mutex: false
Targets
Target: SMS Template & Paid Invoices.com.exe
NetWire RAT payload
Suspicious use of SetThreadContext