General

Target: 9f20d00b4ec898a33e130720d4d29e94070e1575
Size: 393KB
Sample: 230201-fwrdksca42
MD5: f1a220c982fa2b7330cd7c7671f8733c
SHA1: 9f20d00b4ec898a33e130720d4d29e94070e1575
SHA256: 15ed48a323171f521247258630d9ef6d3fe785b5fe3aa9ff77b58b150b734310
SHA512: face49fa9216d325062326c475fa88b5170ac39ea2bed44de721276ddd79f45c620064ef01372f8b90e7104c3cab9ec0a1b76a98357c7efeedcd47a1608e22c1
SSDEEP: 12288:9YfbednM3kIg00BJ1sKN+zNva8lq1NtWH:9YenIqqFlqdWH
Static task: static1
Behavioral task: behavioral1
Sample: 9f20d00b4ec898a33e130720d4d29e94070e1575.exe
Resource: win7-20221111-en
Malware Config

Extracted: netwire
bright1.awsmppl.com:4770
ml.warzonedns.com:4770

activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-qwU2Y0
keylogger_dir: C:\Users\Admin\AppData\Roaming\Logs\
lock_executable: false
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false
Targets

Target: 9f20d00b4ec898a33e130720d4d29e94070e1575
Size: 393KB
MD5: f1a220c982fa2b7330cd7c7671f8733c
SHA1: 9f20d00b4ec898a33e130720d4d29e94070e1575
SHA256: 15ed48a323171f521247258630d9ef6d3fe785b5fe3aa9ff77b58b150b734310
SHA512: face49fa9216d325062326c475fa88b5170ac39ea2bed44de721276ddd79f45c620064ef01372f8b90e7104c3cab9ec0a1b76a98357c7efeedcd47a1608e22c1
SSDEEP: 12288:9YfbednM3kIg00BJ1sKN+zNva8lq1NtWH:9YenIqqFlqdWH

- NetWire RAT payload
- Drops startup file
- Suspicious use of SetThreadContext