General
Target: FortiClientVPNOnlineInstaller.bin
Size: 5.7MB
Sample: 230214-1z4tasga5y
MD5: 0e46f2eb75a6a2c283100ca0f23541e7
SHA1: 020a61041798d1a713626737c83750a2442c989f
SHA256: f631ef4ce81b9a0984d44a9468db2ae30cb37bdad67aaeb43f53d50039d8c5aa
SHA512: 0ef241df8b18461689a619013bdd5bf280dd0d91ac61c6c9bdf145ef9db72f1cf0682628067bdf277a75b9ff0465d031adb0a5b9fba83caad856912ea5b577ef
SSDEEP: 98304:RpYu1FgaNGYgBf03/aGXbEPI/RFYBzkvvjjz9GMd4RFTsMnIS/PKo7uJIxNulRP0:TgaNGYaISGL8k/79yPKo7pxNul0KW
Static task: static1
Behavioral task: behavioral1
Sample: FortiClientVPNOnlineInstaller.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
s2awscloudupdates.com:8081
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-gya2C2
lock_executable: false
offline_keylogger: false
password: happy666
registry_autorun: false
use_mutex: false
Targets
Target: FortiClientVPNOnlineInstaller.bin
NetWire RAT payload