General
- Target: afb777c3c1bbd190af137c193d61137833365f73c9e8915e15fa0bc260aecdb5
- Size: 247KB
- Sample: 220521-n75z4sege6
- MD5: 930d854da3822f77268180b89ec539a4
- SHA1: b550164598c3a7c9f2e131891c4ccae8193f93ba
- SHA256: afb777c3c1bbd190af137c193d61137833365f73c9e8915e15fa0bc260aecdb5
- SHA512: 2d0049b90b6fef066571b69f365f2f4a89950c0deab1ca5347fbeed05bd09377cb0bd82565c3dac78d4fd433a60c33b63c2eb15c204b74ccd00f901d2a002186
Static task
static1
Malware Config
Extracted
netwire
194.5.97.109:3360
- activex_autorun: false
- activex_key:
- copy_executable: true
- delete_original: true
- host_id: MAZI
- install_path: %AppData%\Install\Host.exe
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- mutex:
- offline_keylogger: true
- password: Password
- registry_autorun: false
- startup_name:
- use_mutex: false
Targets
- Target: INQUIRY.exe
- Size: 259KB
- MD5: f652086d83ccc25c14bbcebb9229cbd4
- SHA1: cadd3972915bd7ffee7442c8b60ff6acc156705e
- SHA256: 9a6951c6f3c33c217edd9a4e32f5422c4e125b909d0c88e190b76eb695f05b72
- SHA512: 1fb741fe778c749d465cea204739519bf2a4bad4121d472f3ada7bbd8c7d3f09fb43eb7a3e81c0de88105bc89d1ba32254ef41bc96d13b12920e796a6cee8d0c
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext