General
Target: 36313254993f83019d1d7822abb6d326eaa1706573dadc3fea640b97338b04a4
Size: 1.6MB
Sample: 220626-dvvcqshab7
MD5: 5abea2f9a0aece3b29fa571b4d15c887
SHA1: d9959bb0087f2c985b603cee0e760f3e0faaab15
SHA256: 36313254993f83019d1d7822abb6d326eaa1706573dadc3fea640b97338b04a4
SHA512: 519dd6a0bc6740e46eb9146080c8097260e9ab0baac88e4311fb74fb171ee8c1d0324d7ba283c25d3c83bc9ee72e0a35c59a5627bce03f7b2b43c5405d16d685
Static task: static1
Behavioral task: behavioral1
Sample: 36313254993f83019d1d7822abb6d326eaa1706573dadc3fea640b97338b04a4.exe
Resource: win7-20220414-en
Malware Config
Extracted: netwire
10.59.38.14:2342
activex_autorun: false
copy_executable: true
delete_original: true
host_id: WindowsUpdate
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
mutex: xxwRTjnM
offline_keylogger: true
password: Bigman2017
registry_autorun: false
use_mutex: true
Targets
Target: 36313254993f83019d1d7822abb6d326eaa1706573dadc3fea640b97338b04a4
Size: 1.6MB
MD5: 5abea2f9a0aece3b29fa571b4d15c887
SHA1: d9959bb0087f2c985b603cee0e760f3e0faaab15
SHA256: 36313254993f83019d1d7822abb6d326eaa1706573dadc3fea640b97338b04a4
SHA512: 519dd6a0bc6740e46eb9146080c8097260e9ab0baac88e4311fb74fb171ee8c1d0324d7ba283c25d3c83bc9ee72e0a35c59a5627bce03f7b2b43c5405d16d685

NetWire RAT payload
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of SetThreadContext