General

Target: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06.zip
Size: 668KB
Sample: 240402-qjd8labd29
MD5: 0f7a9a438e262c32823287861f982f71
SHA1: eb1497a997d0e52d87a84f48f5f6f00389894dd9
SHA256: 2f4f1c4a65cc5dc139ee1e7bb278b90864a0df4a7bfe0bc6c5247f445792d606
SHA512: 5aec324a84831301ac438b99d3724d16390dff6b47ba11bcb9d345416a07ecd9599f35b3d5c0cb94d9b7b47b21133747ae014ac7450cf7eda69ed6b484e91023
SSDEEP: 12288:IeVVlZaX1MU4NkHzm6KpCoLUXkQ1ZAuhGAB2GqH2nvC/fzd/Qmb8UzWhA7:IetZcX4+HzmbCVXZYuhGAsGqWSzrYUzx

Static task: static1
Behavioral task: behavioral1
Sample: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06.exe
Resource: win7-20240221-en

Malware Config

Extracted family: netwire
C2: halwachi50.mymediapc.net:5868
activex_autorun: false
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
offline_keylogger: true
password: Password
registry_autorun: false
use_mutex: false

Targets

Target: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06.exe
Size: 1.1MB
MD5: 9c6d1aca02db373a52401485c376d87e
SHA1: 9cc4435729a11d7c524d761b67de508b4474b206
SHA256: 1a2c28a7682c26ddb97885fc056dc72b2c2df437c5fa3031226e34775095df06
SHA512: 9f4aaadf939a97e2354f18ef1943594edf2c6eb04852e4fecc68ff1eeee9146ff1ec1ac26191f8c9435e39b765da23f14aa835313de670d3235e6b4eb890955d
SSDEEP: 24576:iCdxte/80jYLT3U1jfsWa/69ryeoEuGfYsoRzDQ:zw80cTsjkWa/FR4

Signatures:
- NetWire RAT payload
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable (AutoIT scripts compiled to PE executables.)
- Suspicious use of SetThreadContext