General
-
Target
SPY510962.exe
-
Size
344KB
-
Sample
221027-jcdj6abde7
-
MD5
735b4ad89490a8fc7e09607d16aeb317
-
SHA1
8a55d37dfee42e056f56b49a3a979babdfd7c920
-
SHA256
7ea64f3e3521d0660b5de4022b2b2dabc50f560469823bb71154f074fc9ae24d
-
SHA512
47a0a52b0a761322e4369bf8468ab1a22d090c49fafb2ccced852767a935b02320f6bd2d12c4c0e68e12c2611d1ae597892352ce0c437122e46bade1c39120b3
-
SSDEEP
6144:SweEUssBLcl0lxNZSQSeMNvq8wj7e3tn4sBADoGSGHU+Y:SXLkhjNvq17ETBADoGnH5Y
Static task
static1
Behavioral task
behavioral1
Sample
SPY510962.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SPY510962.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
netwire
85.31.46.78:3340
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
azaman
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SPY510962.exe
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-