General
-
Target
NisSrv.exe
-
Size
584KB
-
Sample
221014-wa58lsdhe6
-
MD5
85f14631181a8867a2d41122482ba8dc
-
SHA1
8e2f2bce824c97cb8dd83c1736cd1de6897bb054
-
SHA256
bbcca0dc10b700c01e557612f009c050ca618f227e0b8be3d4f471dd9d887a18
-
SHA512
aec36afdc33880622492010ed028e679778abb8470a8e9517f8c241de0f8a158da3ce1c767e7671b5aab14c77624009e05af35472eb0d6c2e411918756f4d855
-
SSDEEP
6144:6toWmFzltNCF9NuUzSa3YYcahynDzcjzH1DFKH3oGu8EdoXRXHd:6toNFZj4QySHYca0UjzVDFKH3ox5y3
Static task
static1
Behavioral task
behavioral1
Sample
NisSrv.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
54.145.6.146:443
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
MSOffice-%Rand%
-
lock_executable
false
-
mutex
IERXehpS
-
offline_keylogger
false
-
password
a1cap0ne@1960s
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
NisSrv.exe
-
Size
584KB
-
MD5
85f14631181a8867a2d41122482ba8dc
-
SHA1
8e2f2bce824c97cb8dd83c1736cd1de6897bb054
-
SHA256
bbcca0dc10b700c01e557612f009c050ca618f227e0b8be3d4f471dd9d887a18
-
SHA512
aec36afdc33880622492010ed028e679778abb8470a8e9517f8c241de0f8a158da3ce1c767e7671b5aab14c77624009e05af35472eb0d6c2e411918756f4d855
-
SSDEEP
6144:6toWmFzltNCF9NuUzSa3YYcahynDzcjzH1DFKH3oGu8EdoXRXHd:6toNFZj4QySHYca0UjzVDFKH3ox5y3
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-