General
-
Target
6332bbd5d1b79af8871b254f24c51f89f519eb9be9e53943f6cda666396bdad9
-
Size
160KB
-
Sample
220217-cvfnxafhg9
-
MD5
e4b66709daf493d32a6f9d9f098dd2e9
-
SHA1
3b2ef831b6f9e49a59ecca09cef999e7f206e492
-
SHA256
6332bbd5d1b79af8871b254f24c51f89f519eb9be9e53943f6cda666396bdad9
-
SHA512
053d766632fe41e815f8a41b5c5827284eaf1b176120ae36f7375ade580e2d02e9add3b10782a510b3a115c073859f36f868dbcaa29cb5682683a30d08f80196
Behavioral task
behavioral1
Sample
6332bbd5d1b79af8871b254f24c51f89f519eb9be9e53943f6cda666396bdad9.exe
Resource
win7-en-20211208
Malware Config
Extracted
netwire
69.176.95.172:2502
-
activex_autorun
false
-
activex_key
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\LNS\
-
lock_executable
false
-
mutex
-
offline_keylogger
true
-
password
qxMFYgfKho5tOsgYyVpI
-
registry_autorun
false
-
startup_name
-
use_mutex
false
Targets
-
-
Target
6332bbd5d1b79af8871b254f24c51f89f519eb9be9e53943f6cda666396bdad9
-
Size
160KB
-
MD5
e4b66709daf493d32a6f9d9f098dd2e9
-
SHA1
3b2ef831b6f9e49a59ecca09cef999e7f206e492
-
SHA256
6332bbd5d1b79af8871b254f24c51f89f519eb9be9e53943f6cda666396bdad9
-
SHA512
053d766632fe41e815f8a41b5c5827284eaf1b176120ae36f7375ade580e2d02e9add3b10782a510b3a115c073859f36f868dbcaa29cb5682683a30d08f80196
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-