General
-
Target
8670714247a7ec30e354c85276dc029d5d0a1fe9338a586058813924cf5b31a6
-
Size
243KB
-
Sample
221125-lhcwxsgb89
-
MD5
7e8aa6bf5ee197f88b44894922dcba48
-
SHA1
fd75e147d4ea9bfc69ba1b06bdb9eed19bf03993
-
SHA256
8670714247a7ec30e354c85276dc029d5d0a1fe9338a586058813924cf5b31a6
-
SHA512
12044b148b2e096d573d67be1cb4db2fecfcebc4605a179efe049bc304bcc85a34f07522a405e6dcd37981c998814b67a2d5969453f8c699c189479bd77f49df
-
SSDEEP
6144:0SOJ0qvtMWjQ/TdYF7zslZ8HYdRBhptax4wFzKLuGS:0SM0qeVJYFUfYmBsx4wt1J
Static task
static1
Behavioral task
behavioral1
Sample
8670714247a7ec30e354c85276dc029d5d0a1fe9338a586058813924cf5b31a6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8670714247a7ec30e354c85276dc029d5d0a1fe9338a586058813924cf5b31a6.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
netwire
venezia-pl.myq-see.com:3737
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
Nimet-2021
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
NvkPAuSe
-
offline_keylogger
true
-
password
ALANKA121
-
registry_autorun
true
-
startup_name
Greenville
-
use_mutex
true
Targets
-
-
Target
8670714247a7ec30e354c85276dc029d5d0a1fe9338a586058813924cf5b31a6
-
Size
243KB
-
MD5
7e8aa6bf5ee197f88b44894922dcba48
-
SHA1
fd75e147d4ea9bfc69ba1b06bdb9eed19bf03993
-
SHA256
8670714247a7ec30e354c85276dc029d5d0a1fe9338a586058813924cf5b31a6
-
SHA512
12044b148b2e096d573d67be1cb4db2fecfcebc4605a179efe049bc304bcc85a34f07522a405e6dcd37981c998814b67a2d5969453f8c699c189479bd77f49df
-
SSDEEP
6144:0SOJ0qvtMWjQ/TdYF7zslZ8HYdRBhptax4wFzKLuGS:0SM0qeVJYFUfYmBsx4wt1J
Score10/10-
NetWire RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-