General
  Target: 794d29d2a03c6414456fdb791c61feec97a1e9cd3700d087b02c39fb166a2bae
  Size: 148KB
  Sample: 220217-aq69ysehc7
  MD5: 74aa47b2d7722edfb0ffc8774ff89ab4
  SHA1: d6381cd5590a1fb2bd70823779d10b7b9d74e4b6
  SHA256: 794d29d2a03c6414456fdb791c61feec97a1e9cd3700d087b02c39fb166a2bae
  SHA512: c3300fa4596a3b0bb8adf66f33d695f6e0c0d038f77e8330663e8a3150ad1bdb48b7e269b065bbb957183417f3d9df2dbd0bd8e8083f817078749637dad72d0d
Behavioral task: behavioral1
  Sample: 794d29d2a03c6414456fdb791c61feec97a1e9cd3700d087b02c39fb166a2bae.exe
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: 794d29d2a03c6414456fdb791c61feec97a1e9cd3700d087b02c39fb166a2bae.exe
  Resource: win10v2004-en-20220113
Malware Config
  Extracted: netwire
  155.94.198.169:9112
  activex_autorun: false
  activex_key:
  copy_executable: true
  delete_original: false
  host_id: Corona-Virus
  install_path: %AppData%\Install\offiice365.exe
  keylogger_dir: %AppData%\Logs\
  lock_executable: false
  mutex:
  offline_keylogger: true
  password: Pounds
  registry_autorun: true
  startup_name: officeii365
  use_mutex: false
Targets
  Target: 794d29d2a03c6414456fdb791c61feec97a1e9cd3700d087b02c39fb166a2bae
  Size: 148KB
  MD5: 74aa47b2d7722edfb0ffc8774ff89ab4
  SHA1: d6381cd5590a1fb2bd70823779d10b7b9d74e4b6
  SHA256: 794d29d2a03c6414456fdb791c61feec97a1e9cd3700d087b02c39fb166a2bae
  SHA512: c3300fa4596a3b0bb8adf66f33d695f6e0c0d038f77e8330663e8a3150ad1bdb48b7e269b065bbb957183417f3d9df2dbd0bd8e8083f817078749637dad72d0d
  Score: 10/10
  Signatures:
  - NetWire RAT payload
  - Executes dropped EXE
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Loads dropped DLL
  - Adds Run key to start application