General
Target: P0 200522-5PRD024.exe
Size: 834KB
Sample: 220520-ldak1ahfh9
MD5: 8968318de8888badcd0dd9b320bb3ee6
SHA1: a6dc14ab8ed7cbbc9cc60316dc6f804850fcc82b
SHA256: ab50301ca528c2cee1ed6d8ea39ceed66548cc2f8418d6487573c418dbf1a824
SHA512: ac6ebb7c7e185b6b9c2c66cc85404f6fca734a4a4e6ab45df84f7185a4792f61964fbdf103131b0047031e65cc192da8539d9ba2fd5077ab675e0b4371a6e458
Static task: static1
Behavioral task: behavioral1
Sample: P0 200522-5PRD024.exe
Resource: win7-20220414-en
Malware Config
Extracted
netwire
nowancenorly.ddns.net:6969
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir:
lock_executable: false
mutex: pYeAqduB
offline_keylogger: false
password: Password
registry_autorun: false
startup_name: ��9C��ο$75�O�h
use_mutex: false
Targets
Target: P0 200522-5PRD024.exe
NetWire RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext