General
-
Target
Receipt.exe
-
Size
618KB
-
Sample
220704-m5n35sggcq
-
MD5
858d1e0eddd45f3eab536395c300102f
-
SHA1
b090134e13e3a20062d2d09cd7d83970a14e1b92
-
SHA256
229ff184991f195905eccc593bdf566ceccc8631155e86b0f16b7c0d07adc221
-
SHA512
7a64d40c2f75a74e9f417c8014787cf1bf1827478dadfaa1cc2906cc6670e8ae8180897ed520164cfb011e1552142801d21f7dd0eebcd6dd80c1e221e82765f6
Malware Config
Extracted
netwire
185.140.53.61:3363
185.140.53.61:3365
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
move4ward
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
Receipt.exe
-
Size
618KB
-
MD5
858d1e0eddd45f3eab536395c300102f
-
SHA1
b090134e13e3a20062d2d09cd7d83970a14e1b92
-
SHA256
229ff184991f195905eccc593bdf566ceccc8631155e86b0f16b7c0d07adc221
-
SHA512
7a64d40c2f75a74e9f417c8014787cf1bf1827478dadfaa1cc2906cc6670e8ae8180897ed520164cfb011e1552142801d21f7dd0eebcd6dd80c1e221e82765f6
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-