General
-
Target
9fa55761cbb245c1f1ffae0470cac581ad2c6483e2ff35e55d1c92a66f938b44
-
Size
309KB
-
Sample
220521-abtejscgfr
-
MD5
a732fb8a6b8aa55b295340f56b1c9cd2
-
SHA1
5bc4a1bc018bda0c5486cac927823fd975df8e74
-
SHA256
9fa55761cbb245c1f1ffae0470cac581ad2c6483e2ff35e55d1c92a66f938b44
-
SHA512
bee2b829cf25f14f50ddde9b2f0ff7e58fad82f73837db875b9c07c4222529b9cf6a45a83e7151909a910980248e3534a74d42ff177ac301dcca22afacb24d9c
Static task
static1
Behavioral task
behavioral1
Sample
Quotation 21946 3MuR7U.exe
Resource
win7-20220414-en
Malware Config
Extracted
netwire
evapimp.myq-see.com:2424
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: NEW
install_path:
keylogger_dir:
lock_executable: true
mutex: VtbDeAKY
offline_keylogger: false
password: evapimp
registry_autorun: false
startup_name:
use_mutex: true
Targets
-
-
Target
Quotation 21946 3MuR7U.exe
-
Size
351KB
-
MD5
b5f8fb837bc7904e1689291c8d64b1ad
-
SHA1
4fc08863ec08a7372e7fa0449501e5fd99c3ab93
-
SHA256
2e54ae1fe78471492cc217d238fcd7f0158ae8f22a35e9576a91b3a6614c2d08
-
SHA512
9e1dcf8e46940f41ab07fe69fe6b8c3397b6429a3c0d1163f69b16a36ce4a1e3462a4a6c11c4dbba2ab9d2f23c5ef77f3fd939db4b2e62fdc7970b406fda856f
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-