General
-
Target
89C85C0316B5563265F115F8CC92CD04.exe
-
Size
672KB
-
Sample
220919-hfrqhsgfbp
-
MD5
89c85c0316b5563265f115f8cc92cd04
-
SHA1
c19439c2da9e4d8ba8d54e718a50937c813ca48d
-
SHA256
5a5f7721885adee7adf0d453d5f05b7cb25881bf7fbf8dd9646625b2c964008f
-
SHA512
3c89658d959bba75671cddf316a0cd690f4296e70e0106d637d67b6e8b1b39c93798a5df98cced49f637005945426bcec685e7295d7fffd9b628250e38eb988e
-
SSDEEP
12288:gspGbjpJw47mZyoFskA+C4FnHonQ45eqXy951BTGEe:q+1F+ySQqeqXy951oEe
Static task
static1
Behavioral task
behavioral1
Sample
89C85C0316B5563265F115F8CC92CD04.exe
Resource
win7-20220901-en
Malware Config
Extracted
Family: netwire
C2 (host:port): iphy.strangled.net:3360
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
RDP_SEPT_2022
-
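install_path
%AppData%\Install\Host.exe
(configured value only; copy_executable is false in this config, so the file may never be written to this path — confirm on the host before relying on it as an indicator)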
-
lock_executable
false
-
offline_keylogger
false
-
password
caster123
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
89C85C0316B5563265F115F8CC92CD04.exe
-
Size
672KB
-
MD5
89c85c0316b5563265f115f8cc92cd04
-
SHA1
c19439c2da9e4d8ba8d54e718a50937c813ca48d
-
SHA256
5a5f7721885adee7adf0d453d5f05b7cb25881bf7fbf8dd9646625b2c964008f
-
SHA512
3c89658d959bba75671cddf316a0cd690f4296e70e0106d637d67b6e8b1b39c93798a5df98cced49f637005945426bcec685e7295d7fffd9b628250e38eb988e
-
SSDEEP
12288:gspGbjpJw47mZyoFskA+C4FnHonQ45eqXy951BTGEe:q+1F+ySQqeqXy951oEe
-
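NetWire RAT payload (signature match: the sample is identified as the NetWire remote-access trojan, consistent with the extracted config)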
-
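Suspicious use of SetThreadContext (this API overwrites another thread's register state and is commonly seen alongside process injection or hollowing; it is a weak indicator on its own, so correlate it with suspended process creation and cross-process memory writes)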
-