General
Target: 99d26620fe24a54c52d14d9acf85be03be49fca9fc80647f9d7a26f124e8598c
Size: 767KB
Sample: 220701-hbtdjshga9
MD5: 0a79b8f791045175ed2702cc7dfb3dd6
SHA1: 661a38d7f13895348d230b9c90a24662d3fa1d8c
SHA256: 99d26620fe24a54c52d14d9acf85be03be49fca9fc80647f9d7a26f124e8598c
SHA512: 566b7a90dd807e9b72ea03bec4ed0639708934df4c844b333fa292b5f17e56991e5c435a73f6d3859e758303818c0d87c1a64a3432190786f1ade72a7f798002
Static task: static1
Behavioral task: behavioral1
Sample: 99d26620fe24a54c52d14d9acf85be03be49fca9fc80647f9d7a26f124e8598c.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 99d26620fe24a54c52d14d9acf85be03be49fca9fc80647f9d7a26f124e8598c.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: netwire
5.133.11.63:4068
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: true
offline_keylogger: true
password: Pedro1234
registry_autorun: false
use_mutex: false
Targets
Target: 99d26620fe24a54c52d14d9acf85be03be49fca9fc80647f9d7a26f124e8598c
Score: 10/10
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext