General
-
Target
Receipt.exe
-
Size
564KB
-
Sample
220630-11mamsdcd8
-
MD5
dcec53dd51b44f7c4584a5c96cf2f918
-
SHA1
7a8bd630f48663b96df871c0cd41c4a794b4f003
-
SHA256
9d9f53c7d4040936c0ce96e3a93c551e3f0823eb2b10f72f5a7def2881be346b
-
SHA512
b577f126aeae6bd4c372f75b2411c2b7d3b56dec9ce849b5ae7f176da4f577990bdff4f9276904126c38906ecacdbba4cd4bd52a8a84bb092ba16c7079182486
Malware Config
Extracted
netwire
185.140.53.61:3363
185.140.53.61:3365
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
move4ward
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
Receipt.exe
-
Size
564KB
-
MD5
dcec53dd51b44f7c4584a5c96cf2f918
-
SHA1
7a8bd630f48663b96df871c0cd41c4a794b4f003
-
SHA256
9d9f53c7d4040936c0ce96e3a93c551e3f0823eb2b10f72f5a7def2881be346b
-
SHA512
b577f126aeae6bd4c372f75b2411c2b7d3b56dec9ce849b5ae7f176da4f577990bdff4f9276904126c38906ecacdbba4cd4bd52a8a84bb092ba16c7079182486
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-