General

Target: 7601552d259cf367d16f624395dfdd29121b837595d0b80869f6ac2b7f6f5418
Size: 1.2MB
Sample: 220520-2e2c4sachr
MD5: 9221971641350ef04444704104405421
SHA1: cdbc6ed2d2faef895152aa7db2672f3cf5eaa038
SHA256: 7601552d259cf367d16f624395dfdd29121b837595d0b80869f6ac2b7f6f5418
SHA512: feb6617a30b240335c5379b407e656135e2c88697f01739a78e324ff8aba715b86827e77f945c34e84c281390687ed6e5ed67e88ee3fdbd74e9533f799cb6885

Static task: static1
Behavioral task: behavioral1
Sample: M5UG7W1B.exe
Resource: win7-20220414-en

Malware Config

Extracted: netwire
194.5.98.225:3373
194.5.98.225:3376

activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: good01230123
registry_autorun: false
startup_name:
use_mutex: false

Targets

Target: M5UG7W1B.EXE
Size: 424KB
MD5: 0da7c19fbcd9c3b0362754bbfccbcd79
SHA1: 3d28a2974f0691a0fcb2ffd291b700518f6b9ac7
SHA256: 35c080693f92425ef536a0b1bec2f1c1f975575da18a8c54cb16a47f97ce1d79
SHA512: 88bd35861bef6e7a6db4c65baef4a32631068f6adaf99dda2d7ee93e9529729049429cc7df4eb0d64d968869d8d91051f87438bc53db49dc1c4087e17bcbf8d1

NetWire RAT payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Suspicious use of SetThreadContext