General
-
Target
7983105a2e7c1b8248c6f3b7ad354eaeaa55eaf68da61359ca1305c478cbdcef
-
Size
584KB
-
Sample
221130-ptqtpsba72
-
MD5
a6fbc836ee98068d35726e94cea20db4
-
SHA1
8a5109a69d1fcaf291ebf3e9a352d50a13800a03
-
SHA256
7983105a2e7c1b8248c6f3b7ad354eaeaa55eaf68da61359ca1305c478cbdcef
-
SHA512
af9f026ae19ed725305a9ca2475027e3138d547d9db0a7b075bf81038d188c660542f6e95d8c27c0c6cf88ef11801bece689bb1137622aa1073a13c276a5326d
-
SSDEEP
6144:FeavY8R8Xw/gaeJ2Hoh3UhUVkHhFEIp+frI36qJ:FeavYJXw/aSKlkBFEIpwrIqqJ
Static task
static1
Behavioral task
behavioral1
Sample
7983105a2e7c1b8248c6f3b7ad354eaeaa55eaf68da61359ca1305c478cbdcef.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7983105a2e7c1b8248c6f3b7ad354eaeaa55eaf68da61359ca1305c478cbdcef.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
netwire
102.165.35.166:5000
-
activex_autorun
false
-
copy_executable
true
-
delete_original
true
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
gUkYbkwQ
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
NetWire
-
use_mutex
true
Targets
-
-
Target
7983105a2e7c1b8248c6f3b7ad354eaeaa55eaf68da61359ca1305c478cbdcef
-
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-