General
-
Target
fafe264a78aab8cc5f31b67519c8fb395c595e38de89d1279bb8a032e479fedc
-
Size
388KB
-
Sample
230129-y7vjgsca96
-
MD5
34654a94e660d58f0b6945fef2cee186
-
SHA1
9abfb37c42453dd08715febf84ab3a31aae13cb3
-
SHA256
fafe264a78aab8cc5f31b67519c8fb395c595e38de89d1279bb8a032e479fedc
-
SHA512
d05b57d32c48b188bb994bb83c331743477de7f62339ebd1a912c530351f1c7acf94c4865e6bd4102439d9adb72dad71cab42d32e7f7af035064fbc4b23259f9
-
SSDEEP
6144:ibMyg1qD4LM0Pg/MPd/3LtrRPNUpB+kn8/2///0DdWSPB6VKYGzzz03iU8dnH:IYLkEF/35nt7D4SPB6V3GzJnH
Static task
static1
Behavioral task
behavioral1
Sample
fafe264a78aab8cc5f31b67519c8fb395c595e38de89d1279bb8a032e479fedc.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
porshe.camdvr.org:1603
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
fafe264a78aab8cc5f31b67519c8fb395c595e38de89d1279bb8a032e479fedc
-
Size
388KB
-
MD5
34654a94e660d58f0b6945fef2cee186
-
SHA1
9abfb37c42453dd08715febf84ab3a31aae13cb3
-
SHA256
fafe264a78aab8cc5f31b67519c8fb395c595e38de89d1279bb8a032e479fedc
-
SHA512
d05b57d32c48b188bb994bb83c331743477de7f62339ebd1a912c530351f1c7acf94c4865e6bd4102439d9adb72dad71cab42d32e7f7af035064fbc4b23259f9
-
SSDEEP
6144:ibMyg1qD4LM0Pg/MPd/3LtrRPNUpB+kn8/2///0DdWSPB6VKYGzzz03iU8dnH:IYLkEF/35nt7D4SPB6V3GzJnH
-
NetWire RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-