General

Target: 285074cbfbb186cb746a1e03a3b3ca95cb3611987c0aab3433978268fb590aa1
Size: 544KB
Sample: 230129-w3hb9agh48
MD5: 82cf92967ff37089ac670b63f2dd45e6
SHA1: 37cdf11edd5bf245d7d0ab61939c920270ec8cbe
SHA256: 285074cbfbb186cb746a1e03a3b3ca95cb3611987c0aab3433978268fb590aa1
SHA512: 4658d213a8e4688d156b32f393092d1474679544488b11f72c439e0feb1ff18ebcbbf7c83d49f6e0e947670aab244e4481b28b3c8dbfd382452bfbb1591e2323
SSDEEP: 12288:zWkjHZV+Lfb1CnBOeMLpjOxpA+Ua2Hj+:qGlBHMZLY
Static task: static1

Behavioral task: behavioral1
Sample: 285074cbfbb186cb746a1e03a3b3ca95cb3611987c0aab3433978268fb590aa1.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 285074cbfbb186cb746a1e03a3b3ca95cb3611987c0aab3433978268fb590aa1.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted: netwire
C2: 212.7.208.123:8765
activex_autorun: true
activex_key: {L501JP3X-C6PC-RH36-475X-RS2C2OQHHGS0}
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: true
startup_name: windows
use_mutex: false
Targets

Target: 285074cbfbb186cb746a1e03a3b3ca95cb3611987c0aab3433978268fb590aa1
Size: 544KB
MD5: 82cf92967ff37089ac670b63f2dd45e6
SHA1: 37cdf11edd5bf245d7d0ab61939c920270ec8cbe
SHA256: 285074cbfbb186cb746a1e03a3b3ca95cb3611987c0aab3433978268fb590aa1
SHA512: 4658d213a8e4688d156b32f393092d1474679544488b11f72c439e0feb1ff18ebcbbf7c83d49f6e0e947670aab244e4481b28b3c8dbfd382452bfbb1591e2323
SSDEEP: 12288:zWkjHZV+Lfb1CnBOeMLpjOxpA+Ua2Hj+:qGlBHMZLY
Score: 10/10

Signatures:
NetWire RAT payload
Executes dropped EXE
Modifies Installed Components in the registry
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
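The extracted configuration and the behavioural signatures above map directly onto host and network telemetry: the install path, the Run key named "windows", the Active Setup GUID and the C2 address are each something a detection pipeline can match on. The script below is an added example, not part of the sandbox report or of any NetWire tooling. It turns the extracted values into indicators and runs them over Sysmon-style events (IDs 3, 11 and 13). The events are constructed for illustration, not captured from this detonation. The resolution of %AppData% to the Roaming folder, the "victim" user name, and matching the Run and Active Setup keys on their path tail regardless of hive are assumptions; the report gives only the templates and does not say which hive was written.

```python
"""Match the NetWire config extracted in the report against Sysmon-style telemetry.

Added example; not from the sandbox report. Sample events are constructed.
"""

# Values copied from the report's "Malware Config / Extracted" section.
NETWIRE_CONFIG = {
    "c2_host": "212.7.208.123",
    "c2_port": 8765,
    "install_path": r"%AppData%\Install\Host.exe",
    "startup_name": "windows",
    "activex_key": "{L501JP3X-C6PC-RH36-475X-RS2C2OQHHGS0}",
}

# Key tails only: Sysmon reports HKU\<SID>\..., the report does not name a hive,
# so we accept HKCU, HKU\<SID> and HKLM alike.
RUN_KEY_TAIL = "\\software\\microsoft\\windows\\currentversion\\run\\"
ACTIVE_SETUP_TAIL = "\\software\\microsoft\\active setup\\installed components\\"


def expand_appdata(path, user="victim"):
    """Expand %AppData% as a default Windows profile would.
    Assumption: %AppData% is the Roaming folder and the user is 'victim'."""
    return path.replace("%AppData%", "C:\\Users\\%s\\AppData\\Roaming" % user)


def build_iocs(cfg, user="victim"):
    """Turn the extracted config into concrete, lower-cased indicators."""
    return {
        "install_path": expand_appdata(cfg["install_path"], user).lower(),
        "run_value": (RUN_KEY_TAIL + cfg["startup_name"]).lower(),
        "active_setup": (ACTIVE_SETUP_TAIL + cfg["activex_key"]).lower(),
        "c2": (cfg["c2_host"], cfg["c2_port"]),
    }


def match_event(ev, iocs):
    """Return the matching rule name for one event, or None.
    Event dicts follow Sysmon IDs 3 (network), 11 (file create), 13 (registry set)."""
    eid = ev.get("event_id")
    if eid == 3:
        if (ev.get("dest_ip"), ev.get("dest_port")) == iocs["c2"]:
            return "netwire_c2_connection"
    elif eid == 11:
        if ev.get("target_filename", "").lower() == iocs["install_path"]:
            return "netwire_install_drop"
    elif eid == 13:
        target = ev.get("target_object", "").lower()
        details = ev.get("details", "").lower()
        # "windows" is a generic value name, so also require the dropped Host.exe.
        if target.endswith(iocs["run_value"]) and "host.exe" in details:
            return "netwire_run_key"
        if iocs["active_setup"] in target:
            return "netwire_active_setup"
    return None


def scan(events, iocs):
    """Return [(index, rule)] for every event that matches an indicator."""
    hits = []
    for i, ev in enumerate(events):
        rule = match_event(ev, iocs)
        if rule:
            hits.append((i, rule))
    return hits


# Constructed telemetry resembling a Sysmon feed during detonation (not real capture).
SAMPLE_EVENTS = [
    {"event_id": 11, "image": "C:\\Users\\victim\\Desktop\\285074cb.exe",
     "target_filename": "C:\\Users\\victim\\AppData\\Roaming\\Install\\Host.exe"},
    {"event_id": 13, "image": "C:\\Users\\victim\\Desktop\\285074cb.exe",
     "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\windows",
     "details": "C:\\Users\\victim\\AppData\\Roaming\\Install\\Host.exe"},
    {"event_id": 13, "image": "C:\\Users\\victim\\Desktop\\285074cb.exe",
     "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Active Setup\\Installed Components\\{L501JP3X-C6PC-RH36-475X-RS2C2OQHHGS0}\\StubPath",
     "details": "C:\\Users\\victim\\AppData\\Roaming\\Install\\Host.exe"},
    {"event_id": 3, "image": "C:\\Users\\victim\\AppData\\Roaming\\Install\\Host.exe",
     "dest_ip": "212.7.208.123", "dest_port": 8765},
    # Benign noise that must not fire.
    {"event_id": 13, "image": "C:\\Windows\\explorer.exe",
     "target_object": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "details": "C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"},
    {"event_id": 3, "image": "C:\\Windows\\System32\\svchost.exe",
     "dest_ip": "8.8.8.8", "dest_port": 53},
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS, build_iocs(NETWIRE_CONFIG)):
        print(idx, rule)
```

The four rules correspond to the report's signatures (dropped EXE, Run key, Installed Components, C2). The startup name "windows" alone is a weak indicator, which is why the Run-key rule also requires the dropped Host.exe in the value data; the expanded install path and the C2 host:port pair are the sharpest pivots for a retrospective hunt.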