General
Target: 3be14004516edd5a47f1aa84e756c8bb19ebe544373b2c78d0b29bcedaf07c58
Size: 787KB
Sample: 220703-la896addcp
MD5: cd513891c9273716b46c5c4dcf1a7575
SHA1: 89f7f0f6bd2dc5b5efa438b7ed1a8b2f796d8486
SHA256: 3be14004516edd5a47f1aa84e756c8bb19ebe544373b2c78d0b29bcedaf07c58
SHA512: 730e31e31b9bade6b1e2743cef3224230d8f06db4952c29b6ea44995439f2d45717604da605673a926acb6317a1ea6d0bd1fb3b9ea41ed92dc80a9cf27bdc7a8
Static task: static1
Behavioral task: behavioral1
  Sample: 3be14004516edd5a47f1aa84e756c8bb19ebe544373b2c78d0b29bcedaf07c58.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3be14004516edd5a47f1aa84e756c8bb19ebe544373b2c78d0b29bcedaf07c58.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: netwire
okonma.duckdns.org:3363
activex_autorun: false
copy_executable: false
delete_original: false
host_id: okonma
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: okonma
registry_autorun: false
use_mutex: false
Targets
Target: 3be14004516edd5a47f1aa84e756c8bb19ebe544373b2c78d0b29bcedaf07c58
Score: 10/10
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext