General
- Target: f8d54d69a3d89f5417af6ac2438e70fc598501d612b6f96df412975927f31c1b
- Size: 355KB
- Sample: 220521-b82mvsdde6
- MD5: d3b7efbbcba32ece8389bf4d67538fb8
- SHA1: aa7a1d1350c2ac2e4bead2872f509a58e56ba751
- SHA256: f8d54d69a3d89f5417af6ac2438e70fc598501d612b6f96df412975927f31c1b
- SHA512: 28d3a9a03b53959dfb632cd187847de2e27a4689d2f50d3d0b3cfe05a452fafd066da2fb960e5ff6a6cb7e53bdc683011ae73689a277edfbb964f7046c9a8bca
Static task: static1
Behavioral task: behavioral1
- Sample: OrderList.exe
- Resource: win7-20220414-en
Malware Config
Extracted
netwire
gold1.dnsupdate.info:4770
79.134.225.79:4770
- activex_autorun: false
- activex_key:
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- install_path:
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex:
- offline_keylogger: true
- password: Password
- registry_autorun: false
- startup_name:
- use_mutex: false
Targets
- Target: OrderList.exe
  - Size: 616KB
  - MD5: 1337cd4ad86e2a55d005dd32fdbe03f9
  - SHA1: a0a23d6ecb8c6a60503d0b593165310a6f8a1ab1
  - SHA256: be148ec34c1a4adc8afa7bd26f7951dc5f11984d07024a10b4af1c285f38b588
  - SHA512: 8f83ecd25d858f35eb382254e87b45de11a0a884a88ab5fbf4938338ec185a5a8d9ec3dda04abc798d0355e65eedbbfccf7613315bf1962d08b095aecaa748fe
  - NetWire RAT payload
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Suspicious use of SetThreadContext