General
Target: b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8
Size: 1.2MB
Sample: 220521-n9w5zsehc7
MD5: 464bd6ae6d1e1d7a6f88cdd7aa5025a2
SHA1: ebeb378de41055d1f21a662a521a82937a485332
SHA256: b40a3c0aa371e80fb0cc86dfcb249a788f50260d490d950718f49c64e188a3b8
SHA512: 05020d770028713f22be47e32cbad15632e7e69f26d186ec599f2d136344743f7a9a6737616c6064b223554655aa8426871864a755d1f6f8e0f8510ef157dc2d
Static task: static1
Behavioral task: behavioral1
Sample: QUOTE_93.exe
Resource: win7-20220414-en
Malware Config
Extracted
netwire
185.103.96.151:6996
activex_autorun: false
activex_key:
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
install_path:
keylogger_dir:
lock_executable: false
mutex:
offline_keylogger: false
password: Ehimembano1@
registry_autorun: false
startup_name:
use_mutex: false
Targets
Target: QUOTE_93.EXE
Size: 433KB
MD5: d519b9590876fd0bc7fe7e62c1f14f9c
SHA1: 930bc4718ace81ed9d029d1b99c1cd7cf53e2b95
SHA256: 8d91a07cffa859ef14c1deaf86f49c25003f050d4fed1d18eee1cde88f292697
SHA512: 9d644709fdce6b603a683b0d481abf005743e1a05198522a843c5b463b1414dbfc8785da52ebbf87acddda51eaf5fa336745cefbbf264f37c21ee8121cfbad39
NetWire RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext