General
Target: d3da5a40330a85a499e5706593908906f2e2df166d713fef626737c3a4472b6c
Size: 321KB
Sample: 220520-3rcqyshdc4
MD5: 5a8a759da9cde54f967c21f7e32eee98
SHA1: 3565e23cec0ee6bf3364bd58c010de539d3eae0d
SHA256: d3da5a40330a85a499e5706593908906f2e2df166d713fef626737c3a4472b6c
SHA512: d9856f780f68ba33b72b74b7b013289fab83329ee78c4f8f691bcddcf6c4cd7ca2856d6a160c81af9752b966f5fd1ba56910b75dfc220e77135a0900d108cbec
Static task: static1
Behavioral task: behavioral1
Sample: INV9938483.exe
Resource: win7-20220414-en
Malware Config
Extracted
netwire
79.134.225.27:3360
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: Password
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: INV9938483.exe
Size: 1000KB
MD5: 535c9fd606aa987e234792a9d0bb41b7
SHA1: 012a12fddee7ed7c9a0e5df786af8a5a4cc9087b
SHA256: 3d586b05bf8ae586060343c9dc3b33b82d463e177ae92dd242de1a72946e4b13
SHA512: 4e07dacb2382daff56b32d207d27ca8862646936c25d1658548c5511b385e9497964c4496e6e34f8c4857e4b744919a6d36a3eef4e382656132dfb06e2392de4
NetWire RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext