General
Target: 3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed
Size: 1.2MB
Sample: 220521-dm8kdsgaa6
MD5: 085bf5edaa4f6ff34cd0bc143269395d
SHA1: a0760f24f47f0dcf3de907678afb64153f43e2af
SHA256: 3f3e54ed38565062b4d46d9ef8f1fa06c34cdf9ecf998ee6ec8d9b95160547ed
SHA512: ae4f6344e6c4c84f83c80d9ec99e72d22d2853c51460df1402514839f8e272225fb8ab62f5bef4efa39652776155fd66d75b8c274243de6da70bbb3fd8ac99aa

Static task: static1
Behavioral task: behavioral1
Sample: FADEX_16.exe
Resource: win7-20220414-en

Malware Config
Extracted
netwire
winx.xcapdatap.capetown:7390
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: Jagz_$$$
install_path:
keylogger_dir: %AppData%\Logs\
lock_executable: false
mutex:
offline_keylogger: true
password: P@55w0rd!
registry_autorun: false
startup_name:
use_mutex: false

Targets
Target: FADEX_16.EXE
Size: 291KB
MD5: 33a4cfe431ca51de83e78a58a0ba4631
SHA1: ce870eae750f10ec50dcfba2850ba3e0b7d50be8
SHA256: f24e45d41404cdbd5b3e88ef39f6b047d062ade5cb3bddbe2ad40d5331e27210
SHA512: fb1569a7bdc839875024c8cf29d41f8166b346b3b512a806e6f40af697a3c3cb95526caabf1431ad22fcbe284bde177cd837a87db1decce87cb1316cf9f044a3
NetWire RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext