General
-
Target
DOC-10347-1107-603xls.exe
-
Size
2.3MB
-
Sample
230215-pswzbsbg28
-
MD5
85a0b4384567f255ce2c6aa31411f914
-
SHA1
bfe922afebddb2416c59cee7cbfede2243f4da88
-
SHA256
c57867c77934d584b00c6294a3b820fc669b686f9b78a784b1ff9e8379eb90b8
-
SHA512
9fe9e36a1b40f1ef4cfb81d7eadd74ae762e492f36b60528385d15a914c5dd4b6172c495dd9fad10221be70b102ddbbf639b3ff2d609fe2df67e0365787c60a3
-
SSDEEP
24576:ykWAgJgjQGYdlYj9Ebd1rfDsbQv3U98RfoKEd5:9jQGYPRosAd5
Static task
static1
Behavioral task
behavioral1
Sample
DOC-10347-1107-603xls.exe
Resource
win7-20221111-en
Malware Config
Extracted
netwire
19ap22.duckdns.org:3333
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
Jan9
-
lock_executable
false
-
mutex
xIxGEcbP
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
DOC-10347-1107-603xls.exe
-
Size
2.3MB
-
MD5
85a0b4384567f255ce2c6aa31411f914
-
SHA1
bfe922afebddb2416c59cee7cbfede2243f4da88
-
SHA256
c57867c77934d584b00c6294a3b820fc669b686f9b78a784b1ff9e8379eb90b8
-
SHA512
9fe9e36a1b40f1ef4cfb81d7eadd74ae762e492f36b60528385d15a914c5dd4b6172c495dd9fad10221be70b102ddbbf639b3ff2d609fe2df67e0365787c60a3
-
SSDEEP
24576:ykWAgJgjQGYdlYj9Ebd1rfDsbQv3U98RfoKEd5:9jQGYPRosAd5
-
NetWire RAT payload
-
Suspicious use of SetThreadContext
-