General
Target: cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310
Size: 284KB
Sample: 230129-wrrrjsge32
MD5: 8ac5bd7b6012be46799fd8ab25fb6390
SHA1: 7f5542064ba7fe1fa2e44d259f576b2054915f47
SHA256: cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310
SHA512: 8612c8515324f7a93ce94515690a46067a8754fa2a874074181ee68c33e025449cd5867be620710e53ae1a0bf47fc70cbe4f9e80c5880c21a86c7a70c2a52ff1
SSDEEP: 6144:pNNaI9Q51BCwYdKxpqNELJXYM+Ab6Rye2k6YDq5cPNEjoeF:pNNlefCwpqNERYM3PM3qAEjoG

Static task: static1
Behavioral task: behavioral1
Sample: cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310.exe
Resource: win7-20220812-en
Malware Config
Extracted: netwire
C2: melvintravel.ddns.net:39760
activex_autorun: false
copy_executable: false
delete_original: false
host_id: EngineWEALTH
keylogger_dir: C:\Users\Admin\AppData\Roaming\Logs\
lock_executable: false
mutex: qJfDOWue
offline_keylogger: true
password: Onelove
registry_autorun: false
use_mutex: true
Targets
Target: cd73f6562e0e4d49a8fe056772ce180c3103e36ee6a122303fe20173baac5310
- NetWire RAT payload
- Drops startup file
- Suspicious use of SetThreadContext