General
Target: b4342b4b5f8e08badc18fc540b8da2c526fb1b9b1988f87fd877648f53e952cd
Size: 618KB
Sample: 220521-n74r2shhhm
MD5: 8c55cba01db3ea37db03917b97c49b2f
SHA1: e86a93f9b85527e330a2c03e01d243ce38231c09
SHA256: b4342b4b5f8e08badc18fc540b8da2c526fb1b9b1988f87fd877648f53e952cd
SHA512: 801c578d0a5910210c16143aa1f7911a228d8f17c301773316c36b1ea42bbc9ef0c5b70cc363bcdf4df837f701f55fd23602c3fd025d70462912a6d871420efd
Static task: static1
Behavioral task: behavioral1
  Sample: b4342b4b5f8e08badc18fc540b8da2c526fb1b9b1988f87fd877648f53e952cd.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: b4342b4b5f8e08badc18fc540b8da2c526fb1b9b1988f87fd877648f53e952cd.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: netwire (fdghfghdfghjhgjkgfgjh234569.ru:6974)
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: a2nw
install_path:
keylogger_dir:
lock_executable: false
mutex: NrPiWfVe
offline_keylogger: false
password: rdfs34df32sdf
registry_autorun: false
startup_name:
use_mutex: true
Targets
Target: b4342b4b5f8e08badc18fc540b8da2c526fb1b9b1988f87fd877648f53e952cd
Score: 10/10
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext