General
Target: 63814b99871f5bdcefca068e2ce4590ed565e30cf5217b83513a3d4b1b8d0d68
Size: 148KB
Sample: 220217-ctnywsfhg2
MD5: ec2883c69ada31a9b06dcff508de2ff6
SHA1: 18e5d1df785debc83fd6368052f70b3d3ec38822
SHA256: 63814b99871f5bdcefca068e2ce4590ed565e30cf5217b83513a3d4b1b8d0d68
SHA512: 872947a8c755d1e2854ae8b61caa4e56b22306ff0c1dfcbed5eeaeeaba51b3c06e6f1432654a8a22a63deb38bc4679ec1cd4a2e2873b16cc2280589b5e1fbb72
Behavioral task: behavioral1
Sample: 63814b99871f5bdcefca068e2ce4590ed565e30cf5217b83513a3d4b1b8d0d68.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 63814b99871f5bdcefca068e2ce4590ed565e30cf5217b83513a3d4b1b8d0d68.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted family: netwire
C2: 155.94.198.169:9112
activex_autorun: false
activex_key:
copy_executable: true
delete_original: false
host_id: Corona-Virus
install_path: %AppData%\Install\offiice365.exe
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Pounds
registry_autorun: true
startup_name: officeii365
use_mutex: false
Targets
Target: 63814b99871f5bdcefca068e2ce4590ed565e30cf5217b83513a3d4b1b8d0d68
Size: 148KB
MD5: ec2883c69ada31a9b06dcff508de2ff6
SHA1: 18e5d1df785debc83fd6368052f70b3d3ec38822
SHA256: 63814b99871f5bdcefca068e2ce4590ed565e30cf5217b83513a3d4b1b8d0d68
SHA512: 872947a8c755d1e2854ae8b61caa4e56b22306ff0c1dfcbed5eeaeeaba51b3c06e6f1432654a8a22a63deb38bc4679ec1cd4a2e2873b16cc2280589b5e1fbb72
Score: 10/10

Signatures
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application