General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.12142.20857
-
Size
920KB
-
Sample
220727-hmgh5aeha5
-
MD5
c351b1bd7a09b17641f40d128a36a26c
-
SHA1
eb958884a41f20db6ff81f87e947c867ec4eeb12
-
SHA256
9a558d058307b8c1ef997ef5aa803d4e1f91b94c3c4df9bf038c4b445713a37c
-
SHA512
82ba2a699e99141a802f9cb450e8885829939a70cbd3e93661116f0a92e077a07958d3a20a8ab5dd4b1ae0a3f5387ce348a11d1b246935eb4365bc58be8cbb14
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetectNet.01.12142.exe
Resource
win7-20220718-en
Malware Config
Extracted
netwire
194.5.98.126:3378
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Pass@2023
-
registry_autorun
false
-
use_mutex
false
Targets
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.12142.20857
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext