General
Target: cded3258be6ee1f27dedceb41ddc5cb0b9f35db1daed5626643f6e92747ba348
Size: 237KB
Sample: 220216-zzqe8sdae6
MD5: b07832b0972e53a061c5293a37773a1e
SHA1: cb5d257d565b7fdba79851c8008d0a17d01f914d
SHA256: cded3258be6ee1f27dedceb41ddc5cb0b9f35db1daed5626643f6e92747ba348
SHA512: e977f86dc9f6c288b0e77e6701e89e2dd1d8834fe1a4c2c4926e1493d35ddb538e44df27c7988e83f4b9521aaf717fcb93a55b5449b69729d56f80bc4f8d2be5
Behavioral task
behavioral1
Sample: cded3258be6ee1f27dedceb41ddc5cb0b9f35db1daed5626643f6e92747ba348.exe
Resource: win7-en-20211208
Malware Config
Extracted
netwire
23.105.131.142:3368
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Love1234
registry_autorun: false
startup_name:
use_mutex: false
Targets
Detect Neshta Payload
Modifies system executable filetype association
Neshta: Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
NetWire RAT payload
Executes dropped EXE
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Loads dropped DLL