General
Target: 1ad5bf740736ba3eb1f0dc9256af23922de8c45db8dd012ddb803bfd45cc41b6
Size: 74KB
Sample: 240417-p7xjeagc46
MD5: f0a71467faadea0c8f5a166d9f47e66a
SHA1: f61e388947cb3d42d06be1df6fa68b95048eb97c
SHA256: 1ad5bf740736ba3eb1f0dc9256af23922de8c45db8dd012ddb803bfd45cc41b6
SHA512: 15e68e9c125f140c78a977f418c5440bb6124026da24d88f6cb125dea55604c63533fdb0e6ec06492cd5b1c42448ada7537f05eeb41f0b270e06792fbeb49df4
SSDEEP: 1536:QS/1ji3t33M9nxxmwj9Ne9DrZVdip43c7DBVrpKHSAj2+Wec38SSOdxy7:QS9i933iLmaQhrZVgWMPbr0HSAj2KcMD
Static task: static1
Behavioral task: behavioral1
Sample: 58e6a469f1ace9ec112de054209783ad6dd469a0794f20a998a0dcdf02a4834e.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 58e6a469f1ace9ec112de054209783ad6dd469a0794f20a998a0dcdf02a4834e.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: netwire
C2:
fartgul.duckdns.org:3360
fartgul.duckdns.org:3369
fartgul.duckdns.org:4000
fratful.dynu.net:4000
fratful.dynu.net:3369
fratful.dynu.net:3360
tartful.hopto.org:3360
tartful.hopto.org:3369
tartful.hopto.org:4000
futerty.mooo.com:3369
activex_autorun: false
copy_executable: false
delete_original: false
host_id: Pay
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex: KcLLFWch
offline_keylogger: true
password: Singlesingle1@
registry_autorun: false
use_mutex: true
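To turn the extracted configuration into something a SOC can hunt with, the following Python is an added example; it is not part of the sandbox report and not NetWire's own code. It copies the C2 list, mutex and keylogger directory from the block above. The resolver log and the handle listing it searches are constructed for the demonstration, and their line formats are assumptions.

```python
"""Hunting helpers built from the NetWire config extracted above.

Added example, not part of the sandbox report. The C2 list, mutex and
keylogger directory are copied from the report; the resolver log and the
handle listing below are constructed for the demonstration.
"""
import re
from typing import Iterable, List, Set, Tuple

# Copied verbatim from the "Malware Config / Extracted" block of the report.
NETWIRE_C2: List[str] = [
    "fartgul.duckdns.org:3360", "fartgul.duckdns.org:3369", "fartgul.duckdns.org:4000",
    "fratful.dynu.net:4000", "fratful.dynu.net:3369", "fratful.dynu.net:3360",
    "tartful.hopto.org:3360", "tartful.hopto.org:3369", "tartful.hopto.org:4000",
    "futerty.mooo.com:3369",
]
NETWIRE_MUTEX = "KcLLFWch"
# %AppData% expands to <profile>\AppData\Roaming on Windows Vista and later.
NETWIRE_KEYLOG_DIR = "%AppData%\\Logs\\"


def parse_c2(entries: Iterable[str]) -> List[Tuple[str, int]]:
    """Split 'host:port' entries into (host, port). A malformed entry raises,
    so a typo in an IOC list fails loudly instead of silently never matching."""
    pairs: List[Tuple[str, int]] = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"malformed C2 entry: {entry!r}")
        pairs.append((host.lower(), int(port)))
    return pairs


def c2_hosts(entries: Iterable[str] = NETWIRE_C2) -> Set[str]:
    return {host for host, _ in parse_c2(entries)}


def c2_ports(entries: Iterable[str] = NETWIRE_C2) -> Set[int]:
    return {port for _, port in parse_c2(entries)}


def ddns_zones(entries: Iterable[str] = NETWIRE_C2) -> Set[str]:
    """Registered zone (last two labels) of each C2 host. All four zones here
    belong to free dynamic-DNS providers, so the operator can re-point them."""
    return {".".join(host.split(".")[-2:]) for host in c2_hosts(entries)}


# Constructed resolver log: "<timestamp> <client> query <qtype> <qname>" (assumed format).
DNS_LOG = """\
2024-04-17T10:01:02Z 10.0.0.15 query A fartgul.duckdns.org
2024-04-17T10:01:03Z 10.0.0.15 query A www.example.com
2024-04-17T10:01:09Z 10.0.0.22 query A Tartful.HOPTO.org.
2024-04-17T10:02:11Z 10.0.0.15 query A futerty.mooo.com
not a resolver line at all
"""
DNS_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qtype>\S+) (?P<qname>\S+)$")


def hunt_dns(log_text: str, entries: Iterable[str] = NETWIRE_C2) -> List[Tuple[str, str]]:
    """Return (client, qname) for every query naming a known NetWire C2 host.
    Matching is case-insensitive and tolerates a trailing dot on the qname."""
    hosts = c2_hosts(entries)
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = DNS_LINE.match(line)
        if not m:
            continue  # not in the assumed resolver format; skip rather than guess
        qname = m.group("qname").lower().rstrip(".")
        if qname in hosts:
            hits.append((m.group("client"), qname))
    return hits


# Constructed handle listing in a Sysinternals-handle-like layout (assumed format).
HANDLE_LISTING = """\
   48: Mutant         \\Sessions\\1\\BaseNamedObjects\\KcLLFWch
   4C: Mutant         \\Sessions\\1\\BaseNamedObjects\\SM0:1234:304:WilStaging_02
   50: Section        \\BaseNamedObjects\\KcLLFWch
"""


def hunt_mutex(listing: str, mutex: str = NETWIRE_MUTEX) -> List[str]:
    """Return Mutant lines whose object name equals the configured mutex.
    Only Mutant objects count: a Section with the same name is not the RAT's
    single-instance guard and is deliberately ignored."""
    hits: List[str] = []
    for line in listing.splitlines():
        if "Mutant" not in line:
            continue
        name = line.rsplit("\\", 1)[-1].strip()
        if name == mutex:
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    print("C2 hosts:", sorted(c2_hosts()), "ports:", sorted(c2_ports()))
    print("dynamic-DNS zones:", sorted(ddns_zones()))
    for client, qname in hunt_dns(DNS_LOG):
        print(f"DNS hit: {client} -> {qname}")
    for line in hunt_mutex(HANDLE_LISTING):
        print("mutex hit:", line)
    print("keylogger directory to check per profile:", NETWIRE_KEYLOG_DIR)
```

Two practical notes. The ports 3360, 3369 and 4000 carry no signal on their own; alert on the host names, and on the names rather than resolved addresses, since every C2 host sits under a free dynamic-DNS zone the operator can re-point at any time. The flags registry_autorun: false and copy_executable: false describe NetWire's own persistence options as configured in this build, yet the behavioral task still reported "Drops startup file" for the target, so a host check should cover the Startup folder as well as the Run keys and the %AppData%\Logs\ keylogger directory.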
Targets
Target: 58e6a469f1ace9ec112de054209783ad6dd469a0794f20a998a0dcdf02a4834e.exe
Size: 112KB
MD5: a7ff8ea9951ceb3e3660bfc3500b211a
SHA1: 547237200e4044f1f6e2165b6d9d060adab4ab71
SHA256: 58e6a469f1ace9ec112de054209783ad6dd469a0794f20a998a0dcdf02a4834e
SHA512: f06d47f89ef2cced0d0bc5aa69622ce74b2420b108e6c07ed83be4d93b151eb4025cd5d2005c5f65e1c59a734609eda421c27a55903546a59698ced2b8087d9a
SSDEEP: 3072:lh0seFp3R/lmAZCx+Ru8ymVqSSWT78SpeDT2d:lh0s8p373+SNToSpF
Signatures:
NetWire RAT payload
Drops startup file
Suspicious use of SetThreadContext