General
-
Target
98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b
-
Size
240KB
-
Sample
221130-pxfsxaea81
-
MD5
71d19d67285a6b763c4f83b8ce259038
-
SHA1
de1bc1b15afbf71e0788a1bfe691293e8b29a1ae
-
SHA256
98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b
-
SHA512
3dbc0a48057cce4f67395636ce10b494a51717045e70d8951044c49693dc097094fad9ef2deddc6b95b7262f6d1ad0e9d09185099ca92ec528113541455b3ceb
-
SSDEEP
6144:ubtgFYBiXBvx84t8f6bG06fGSOLhY6A+EugurFtb:BOBiXBpxt8SZ6OY6IugurF9
Static task
static1
Behavioral task
behavioral1
Sample
98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b.exe
Resource
win7-20220901-en
Malware Config
Extracted
netwire
lamba.mywire.org:1604
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
98a2e13f4999ce40f9789189a3ab5eb16cd0590361b95c0d59ca030454a0bf6b
-
NetWire RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext