General
-
Target
629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e
-
Size
245KB
-
Sample
220521-btmkdsfecj
-
MD5
f6bd9a111b3d59431c688b1a41a0681d
-
SHA1
0173f368a929238110b6cff5ef05e17f35c6761e
-
SHA256
629ac7f51d1bb60d65dbf55694c25bc01681d5fd349fca17b0aef9ddd8ad049e
-
SHA512
6ccaa07cae981015f281f8b1cb7a9602ebf1a6089bb8b28f37d5d26dc91a5518f4c0e89b6c1dd033c07cac72e61c90e7d22998b3c4cf5340840f01e72ef8810d
Static task
static1
Behavioral task
behavioral1
Sample
#204811.exe
Resource
win7-20220414-en
Malware Config
Extracted
netwire
ichie02.ddns.net:3360
84.38.135.207:3360
-
activex_autorun
false
- activex_key
-
copy_executable
true
-
delete_original
true
-
host_id
ICHIE007
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
mutex
AcYrNKLE
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
- startup_name
-
use_mutex
true
Targets
-
-
Target
#204811.exe
-
Size
287KB
-
MD5
1fb35d8aa5797fbbc4225a095c106552
-
SHA1
cb08a463884542659aa9856d2dd0dd8e5d3f31cb
-
SHA256
fc70d13e41ab6c3d36b72e329549c48e70767e37b06c5bbe7284896e935c6815
-
SHA512
aeb871ca5da00328c3f5742bef2ccd6715f27c76f62db47118237312801f1b7b9672afa5becc67f01d50bc887f80b92cde80c7242468ddf55f5660774d7884bc
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-