General
-
Target
df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
-
Size
532KB
-
Sample
230129-wqq4magd82
-
MD5
41460312beebf82c6ec41c66668fe8ca
-
SHA1
63824b88debe7f4109d0c51a788ed11dfa913b6c
-
SHA256
df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
-
SHA512
01181f26740ee6734e4aeba825ae3e1cef499d61dd8c48ab8a09fbfa257701e91e08cbe057dff3c44940abd105cc14a9d50ec4d85c12a6012b4c30a875586ba5
-
SSDEEP
6144:jas0n38fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhPXukmxJUEMz:25duAE+P9OJBQ3IPmd5t3W7K
Static task
static1
Behavioral task
behavioral1
Sample
df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
204.152.219.82:9008
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
-
Size
532KB
-
MD5
41460312beebf82c6ec41c66668fe8ca
-
SHA1
63824b88debe7f4109d0c51a788ed11dfa913b6c
-
SHA256
df16c889e128e3c308328af7cfb8f888d1fd4cdd26de73fcf97491352c43813a
-
SHA512
01181f26740ee6734e4aeba825ae3e1cef499d61dd8c48ab8a09fbfa257701e91e08cbe057dff3c44940abd105cc14a9d50ec4d85c12a6012b4c30a875586ba5
-
SSDEEP
6144:jas0n38fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhP8fUMxMcnuBhPXukmxJUEMz:25duAE+P9OJBQ3IPmd5t3W7K
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-