General
-
Target
86632e646e0aa7a9e6705b6385e37006de9eb9c66f4a508fbbe12689bad8d10e
-
Size
160KB
-
Sample
220217-aav7rafhbk
-
MD5
bba8c544d808089aa2a99ebe375e1d2b
-
SHA1
68ef67c7b0f9e611ef8b7e480d8dc2560d152bb2
-
SHA256
86632e646e0aa7a9e6705b6385e37006de9eb9c66f4a508fbbe12689bad8d10e
-
SHA512
8548c18adc9746bd1e69f6117afc26905576f09fdef92fb3135780e7acbca82c29277743e849347637b6cb1a284230c8a51c22ce8660027b7766fe721701035b
Behavioral task
behavioral1
Sample
86632e646e0aa7a9e6705b6385e37006de9eb9c66f4a508fbbe12689bad8d10e.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
86632e646e0aa7a9e6705b6385e37006de9eb9c66f4a508fbbe12689bad8d10e.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
netwire
androidratmobihack.ddns.net:3360
androidratmobihack.ddns.net:7777
-
activex_autorun
false
-
activex_key
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
mutex
qRhguWXi
-
offline_keylogger
true
-
password
Password
-
registry_autorun
true
-
startup_name
Crack_Windows
-
use_mutex
true
Targets
-
-
Target
86632e646e0aa7a9e6705b6385e37006de9eb9c66f4a508fbbe12689bad8d10e
-
Size
160KB
-
MD5
bba8c544d808089aa2a99ebe375e1d2b
-
SHA1
68ef67c7b0f9e611ef8b7e480d8dc2560d152bb2
-
SHA256
86632e646e0aa7a9e6705b6385e37006de9eb9c66f4a508fbbe12689bad8d10e
-
SHA512
8548c18adc9746bd1e69f6117afc26905576f09fdef92fb3135780e7acbca82c29277743e849347637b6cb1a284230c8a51c22ce8660027b7766fe721701035b
Score
10/10
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
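Adds Run key to start application
Registry Run-key persistence; consistent with registry_autorun set to true in the extracted config (startup_name Crack_Windows).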
-