General
-
Target
62fbf539bee897a1568b67b7f8470bfab1510e74199f7f65fbfa285d059a83b5
-
Size
160KB
-
Sample
220217-cv9xrafhh6
-
MD5
bfb071aad331dfc7729defbb20d26dce
-
SHA1
001258d9abdd9430d5d26cb637c6f9810a43379a
-
SHA256
62fbf539bee897a1568b67b7f8470bfab1510e74199f7f65fbfa285d059a83b5
-
SHA512
da75305de2a4883ee577b6f42e6477316f76c4c9461aa3756839c4cb6adb698a901d734fdf4a818c4cff281951941ac8cc6574002acb8fd60d0bf56fcd200b86
Behavioral task
behavioral1
Sample
62fbf539bee897a1568b67b7f8470bfab1510e74199f7f65fbfa285d059a83b5.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
62fbf539bee897a1568b67b7f8470bfab1510e74199f7f65fbfa285d059a83b5.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
netwire
54.38.124.53:3360
-
activex_autorun
false
- activex_key
-
copy_executable
true
-
delete_original
true
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Spotify\Launcher.exe
- keylogger_dir
-
lock_executable
true
-
mutex
LuvRmPDs
-
offline_keylogger
false
-
password
Password
-
registry_autorun
true
-
startup_name
Spotify
-
use_mutex
true
Targets
-
-
Target
62fbf539bee897a1568b67b7f8470bfab1510e74199f7f65fbfa285d059a83b5
-
Size
160KB
-
MD5
bfb071aad331dfc7729defbb20d26dce
-
SHA1
001258d9abdd9430d5d26cb637c6f9810a43379a
-
SHA256
62fbf539bee897a1568b67b7f8470bfab1510e74199f7f65fbfa285d059a83b5
-
SHA512
da75305de2a4883ee577b6f42e6477316f76c4c9461aa3756839c4cb6adb698a901d734fdf4a818c4cff281951941ac8cc6574002acb8fd60d0bf56fcd200b86
Score10/10-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-