General
Target: 4a762e8f8af34dcfcd469d9e9bfb43c977cd878d93952.exe
Size: 973KB
Sample: 220629-fctdtsegbk
MD5: 89e0f3ba3b0356030882a5d993c44a96
SHA1: 5aa37d9479803a1fa692974323849d1eaad34328
SHA256: 4a762e8f8af34dcfcd469d9e9bfb43c977cd878d939527053a46dd580e654c80
SHA512: aced63ee766f6c64c795653a889fa11c70f4c227c77c6cd432825837465b7ddb056856f87ea93c79e511f8c65d7dabda7bf47ad881265c556edde9cd22408e0b
Static task: static1
Behavioral task: behavioral1
Sample: 4a762e8f8af34dcfcd469d9e9bfb43c977cd878d93952.exe
Resource: win7-20220414-en
Malware Config
Extracted
netwire
20220627.duckdns.org:4736
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
mutex: KmOVkegF
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: 4a762e8f8af34dcfcd469d9e9bfb43c977cd878d93952.exe
NetWire RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Suspicious use of SetThreadContext