General
Target: Vestel Teklif talebi.doc
Size: 39KB
Sample: 230221-rpk4rsfa97
MD5: 2f33e743eb105ce162a713b1b21e429d
SHA1: ba35963190d4f31ca073682f412849970ad7019d
SHA256: df770aabdc39c9255b2eab82391b1246ca57f2108c670fcba0f40b7c46c7ddb7
SHA512: c1129baea902067a3a44bbdfb5bc8958ef67cafb6714373669da2b112feacbfff73623d34028d7678eb710b3b3479315ef2a7318ccc0454979c6d0dbe78f1c20
SSDEEP: 768:5Fx0XaIsnPRIa4fwJMGNH2YRrenTu1HBO85sH4mY6u:5f0Xvx3EMKHFR/HBO85sYou
Static task: static1
Behavioral task: behavioral1
  Sample: Vestel Teklif talebi.rtf
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Vestel Teklif talebi.rtf
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: netwire
C2: zekeriyasolek44.duckdns.org:3102
activex_autorun: false
copy_executable: false
delete_original: false
host_id: Valentine End
install_path: %Windows%\Windows DataPoint\Windows Data Start.exe
lock_executable: false
mutex: Windows
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: Vestel Teklif talebi.doc
Size: 39KB
MD5: 2f33e743eb105ce162a713b1b21e429d
SHA1: ba35963190d4f31ca073682f412849970ad7019d
SHA256: df770aabdc39c9255b2eab82391b1246ca57f2108c670fcba0f40b7c46c7ddb7
SHA512: c1129baea902067a3a44bbdfb5bc8958ef67cafb6714373669da2b112feacbfff73623d34028d7678eb710b3b3479315ef2a7318ccc0454979c6d0dbe78f1c20
SSDEEP: 768:5Fx0XaIsnPRIa4fwJMGNH2YRrenTu1HBO85sH4mY6u:5f0Xvx3EMKHFR/HBO85sYou
Score: 10/10
Signatures:
- NetWire RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
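The extracted config and the signature list together give enough to write a first-pass host detection for this sample. The script below is an added example, not part of the sandbox report and not any vendor's detection content: it matches the C2 host and port, the install path and the Run-key persistence reported above against Sysmon-style `Key=Value` telemetry. The telemetry lines are constructed for the example; the expansion of NetWire's `%Windows%` placeholder to `C:\Windows` and the Run value name are assumptions. Note that the config says `registry_autorun: false` while the sandbox still observed a Run key being added, so the detection keys on the observed behaviour rather than the config flag.

```python
"""
First-pass host detection built from the indicators in this report.
Added example; telemetry below is constructed, not real logs.
"""
import re

# Indicators copied from the report's extracted config.
C2_HOST = "zekeriyasolek44.duckdns.org"
C2_PORT = 3102
INSTALL_PATH = r"%Windows%\Windows DataPoint\Windows Data Start.exe"
# Assumption: %Windows% expands to C:\Windows on the victim (not stated in the report).
INSTALL_PATH_EXPANDED = INSTALL_PATH.replace("%Windows%", r"C:\Windows").lower()

# Constructed Sysmon-shaped events (22 = DNS query, 3 = network connect,
# 11 = file create, 13 = registry value set). The Run value name is assumed.
SAMPLE_EVENTS = [
    r"EventID=22 Image=C:\Windows\Windows DataPoint\Windows Data Start.exe QueryName=zekeriyasolek44.duckdns.org",
    r"EventID=3 Image=C:\Windows\Windows DataPoint\Windows Data Start.exe DestinationIp=203.0.113.10 DestinationPort=3102",
    r"EventID=11 Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE TargetFilename=C:\Windows\Windows DataPoint\Windows Data Start.exe",
    r"EventID=13 Image=C:\Windows\Windows DataPoint\Windows Data Start.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Data Start",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=198.51.100.7 DestinationPort=443",
]

# Key=Value pairs whose values may contain spaces: a value runs until the next " Key=".
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Parse one 'Key=Value Key2=Value with spaces' line into a dict."""
    return {k: v for k, v in _KV.findall(line.strip())}


def match_indicators(event):
    """Return the list of indicator names this event hits (empty if none)."""
    hits = []
    image = event.get("Image", "").lower()
    if event.get("QueryName", "").lower() == C2_HOST:
        hits.append("c2_dns")
    # Port alone is weak; only flag it when the connecting image is the implant path.
    if event.get("DestinationPort") == str(C2_PORT) and image == INSTALL_PATH_EXPANDED:
        hits.append("c2_port_from_implant")
    if event.get("TargetFilename", "").lower() == INSTALL_PATH_EXPANDED:
        hits.append("install_path_dropped")
    if image == INSTALL_PATH_EXPANDED:
        hits.append("implant_image")
    target = event.get("TargetObject", "").lower()
    if "\\currentversion\\run\\" in target and image == INSTALL_PATH_EXPANDED:
        hits.append("run_key_persistence")
    return hits


def scan(lines):
    """Return [(line_index, hits)] for every line that hits at least one indicator."""
    results = []
    for i, line in enumerate(lines):
        hits = match_indicators(parse_event(line))
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```

The DNS name and the dropped file path are the strongest single indicators here; the port is only scored together with the implant image because 3102 on its own is not rare. Because `duckdns.org` subdomains are cheap to rotate, the install path and Run-key behaviour are the indicators most likely to survive a C2 change.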