General
-
Target
3952a3de4723e972b996401510de66b006d2c19dcebb488b013a7c116277351b
-
Size
620KB
-
Sample
220625-ng2vrsacaj
-
MD5
6ca289e14496ed3f078ddcea8ecea4a4
-
SHA1
7929b23f4c6fe4de022483138e5316ddeb3bf98b
-
SHA256
3952a3de4723e972b996401510de66b006d2c19dcebb488b013a7c116277351b
-
SHA512
658bd95581cde3e558970dfdf43cbf63067bdb561b7b4756b374c293064e4c41c5e44a12f722eacc4154b094d8d67f4eb52740d2d00de1a05972239993bdb211
Static task
static1
Behavioral task
behavioral1
Sample
3952a3de4723e972b996401510de66b006d2c19dcebb488b013a7c116277351b.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3952a3de4723e972b996401510de66b006d2c19dcebb488b013a7c116277351b.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
netwire
xmpphosts.ru:3366
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
mutex
ohviVvrC
-
offline_keylogger
false
-
password
456123xyz
-
registry_autorun
false
-
use_mutex
true
Targets
-
-
Target
3952a3de4723e972b996401510de66b006d2c19dcebb488b013a7c116277351b
-
Size
620KB
-
MD5
6ca289e14496ed3f078ddcea8ecea4a4
-
SHA1
7929b23f4c6fe4de022483138e5316ddeb3bf98b
-
SHA256
3952a3de4723e972b996401510de66b006d2c19dcebb488b013a7c116277351b
-
SHA512
658bd95581cde3e558970dfdf43cbf63067bdb561b7b4756b374c293064e4c41c5e44a12f722eacc4154b094d8d67f4eb52740d2d00de1a05972239993bdb211
Score10/10-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-