General
- Target: 7100732f28eff407e3f47910555f1eff03e30074fc0fcd612478f7f82c1384ee
- Size: 201KB
- Sample: 220217-bdke4afbg6
- MD5: f2c86674709068e691704848d41361cd
- SHA1: 2bae7b95fbaff30043b745d21c478bfa390cb71e
- SHA256: 7100732f28eff407e3f47910555f1eff03e30074fc0fcd612478f7f82c1384ee
- SHA512: 26857a2b89f7ec8f9741a89cb927d93003a06d446a7cdb1e6a8251c3c8d27c27d7b5dc95b6b21ce8dbdc75c0a9b6e75fd1b8e271cfd5678bca3133411abe2b7a

Behavioral task
- behavioral1
- Sample: 7100732f28eff407e3f47910555f1eff03e30074fc0fcd612478f7f82c1384ee.exe
- Resource: win7-en-20211208

Malware Config
Extracted: netwire
- ntw11.ddns.net:23850
- activex_autorun: false
- activex_key:
- copy_executable: true
- delete_original: false
- host_id: HostId-%Rand%
- install_path: %AppData%\Microsoft\Install\firefox.exe
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex: OObKNWGc
- offline_keylogger: true
- password: Password
- registry_autorun: true
- startup_name: Adobe Reader
- use_mutex: true

Targets
- Target: 7100732f28eff407e3f47910555f1eff03e30074fc0fcd612478f7f82c1384ee
- Size: 201KB
- MD5: f2c86674709068e691704848d41361cd
- SHA1: 2bae7b95fbaff30043b745d21c478bfa390cb71e
- SHA256: 7100732f28eff407e3f47910555f1eff03e30074fc0fcd612478f7f82c1384ee
- SHA512: 26857a2b89f7ec8f9741a89cb927d93003a06d446a7cdb1e6a8251c3c8d27c27d7b5dc95b6b21ce8dbdc75c0a9b6e75fd1b8e271cfd5678bca3133411abe2b7a
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family infects other executable files in order to spread itself and cause damage.
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application