General
Target: 5dfcf6efcbb02b8c8f7621a5eb2ab6b9e7cb9f8eae8272e763c21847642ac3d2
Size: 1.0MB
Sample: 220731-1nfmbshfg2
MD5: a2d20998ca917e55b1900c5c19c5c696
SHA1: b4c5296ce6e88e435e2e6a072eaf8e35f9dcb952
SHA256: 5dfcf6efcbb02b8c8f7621a5eb2ab6b9e7cb9f8eae8272e763c21847642ac3d2
SHA512: 52f461acc91c9b67049b5259f898049b405c31504d4b5f71e59bdb8bb60784217e66f526f96386a25e9ab1e385bbb66696c9ef0f605dbc652c19f47e0729699d
Static task: static1
Behavioral task: behavioral1
  Sample: 5dfcf6efcbb02b8c8f7621a5eb2ab6b9e7cb9f8eae8272e763c21847642ac3d2.exe
  Resource: win7-20220718-en
Malware Config
Extracted: netwire
  C2: dinesaad.hopto.org:8123 (hopto.org is a No-IP dynamic-DNS domain, so the resolved IP can change between runs; block or alert on the hostname, not only the address observed here)
  activex_autorun: false
  copy_executable: false
  delete_original: false
  host_id: HostId-%Rand%
  keylogger_dir: %AppData%\Logs\
  lock_executable: false
  offline_keylogger: true
  password: Password (a commonly seen default, so it does not identify this operator)
  registry_autorun: false
  use_mutex: false
  Note: with copy_executable, registry_autorun and activex_autorun all false, this build installs no persistence of its own; the offline keylogger is enabled, so on a compromised host check %AppData%\Logs\ for captured keystroke files.
Extracted: formbook
  Version: 3.8
  Campaign: js3
  Domains (Formbook configs mix the live C2 with decoy domains; the report does not say which of the following is live, so treat all of them as indicators):
mk-autopflege.com
samanthawipulasinhe.com
hbzxcdc.com
lmcdecorating.com
e-spirit-technologies.com
dragonballgame.com
schedulerapp.info
heavenlyscentusa.com
malrohservice.com
vapmoda.com
elenasvoice.com
bogs.finance
heartworkdesigns.com
onportraits.com
clienteleventures.com
syxfzdj.com
conalider.com
zyd-touch.com
louisianetrotobas.com
zwoyi.info
throughtrialswestand.com
desayunosorpresaibague.com
tianshin.com
erdap.com
christiancomfort.com
rolexveneto.info
newspaperrunning.site
herbaltakviye.com
motivations-sprueche.com
thadeusz-silks.com
201805.top
artdirectorpro.com
cost-plus-inc.net
meetbitbot.com
beautysquaredmckinney.com
dyblpb.info
ageyear.com
oldsaltoysters.com
51cnyimei.net
329shh.info
sqbyrxd.com
mytinypals.com
tysharp.info
dateondate.com
volunteerwisconsin.net
freelency.com
xn--kcr23bnz9g.com
caphedocosaigon.com
gamplia.com
brewpm.com
massagegaytphcm.com
electricaudios.com
urbancatfitter.com
athleticdigitalidentity.com
knownmadrid.com
youfazaixiangw.com
xiaolinfashion.com
aoxwindows.com
evmotorbike.com
ancientartifactreplicas.com
bitcoinvlogger.com
bluewaterweddingsblog.com
fury-ads.com
rowp.services
szccf360.com
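The two extracted configs above are raw data; what a responder usually wants from them is a network-indicator set and a quick way to run it over DNS and proxy telemetry. The following is an added example and not part of the sandbox report: it copies the NetWire C2 and the 65 Formbook domains from this page, treats every Formbook domain as an indicator (because the page does not identify the live C2 among the decoys), and matches constructed log lines. The log lines, the key=value log format, the dynamic-DNS suffix list, and the assumption that Formbook beacons POST to a `/<campaign>/` path (taken from public Formbook analyses, not from this page) are all assumptions of the example.

```python
# Added example (not from the sandbox report): build a network-IOC set from the
# two extracted configs on this page and match it against constructed log lines.
import re
from collections import namedtuple

# --- values copied from the extracted configs on this page -------------------
NETWIRE_C2 = "dinesaad.hopto.org:8123"
FORMBOOK_VERSION = "3.8"
FORMBOOK_CAMPAIGN = "js3"
# All 65 domains from the Formbook config, in page order. The live C2 is mixed
# in with decoys and the page does not say which is which, so every entry counts.
FORMBOOK_DOMAINS = """
mk-autopflege.com samanthawipulasinhe.com hbzxcdc.com lmcdecorating.com
e-spirit-technologies.com dragonballgame.com schedulerapp.info heavenlyscentusa.com
malrohservice.com vapmoda.com elenasvoice.com bogs.finance heartworkdesigns.com
onportraits.com clienteleventures.com syxfzdj.com conalider.com zyd-touch.com
louisianetrotobas.com zwoyi.info throughtrialswestand.com desayunosorpresaibague.com
tianshin.com erdap.com christiancomfort.com rolexveneto.info newspaperrunning.site
herbaltakviye.com motivations-sprueche.com thadeusz-silks.com 201805.top
artdirectorpro.com cost-plus-inc.net meetbitbot.com beautysquaredmckinney.com
dyblpb.info ageyear.com oldsaltoysters.com 51cnyimei.net 329shh.info sqbyrxd.com
mytinypals.com tysharp.info dateondate.com volunteerwisconsin.net freelency.com
xn--kcr23bnz9g.com caphedocosaigon.com gamplia.com brewpm.com massagegaytphcm.com
electricaudios.com urbancatfitter.com athleticdigitalidentity.com knownmadrid.com
youfazaixiangw.com xiaolinfashion.com aoxwindows.com evmotorbike.com
ancientartifactreplicas.com bitcoinvlogger.com bluewaterweddingsblog.com
fury-ads.com rowp.services szccf360.com
""".split()

# Assumption: a short, illustrative list of dynamic-DNS suffixes (hopto.org is No-IP).
DYNDNS_SUFFIXES = ("hopto.org", "no-ip.org", "ddns.net", "duckdns.org")

Hit = namedtuple("Hit", "line family detail")


def parse_netwire_c2(c2: str):
    """Split the NetWire 'host:port' string into (host, port)."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host.lower(), int(port)


def is_dynamic_dns(host: str) -> bool:
    """True when the host sits under one of the known dynamic-DNS suffixes."""
    return host.lower().endswith(tuple("." + s for s in DYNDNS_SUFFIXES))


def build_iocs():
    """Map every hostname from the configs to the family it belongs to."""
    nw_host, _ = parse_netwire_c2(NETWIRE_C2)
    iocs = {nw_host: "netwire"}
    iocs.update({d.lower(): "formbook" for d in FORMBOOK_DOMAINS})
    return iocs


# Constructed log lines (assumption: a simple key=value format, not from the
# sandbox). The last line has no hostname; port 8123 alone is not matched,
# because the page only gives a hostname for the NetWire C2.
SAMPLE_LOGS = [
    "2022-07-31T10:00:01Z dns client=10.1.2.3 query=www.example.com",
    "2022-07-31T10:00:02Z dns client=10.1.2.3 query=dinesaad.hopto.org",
    "2022-07-31T10:00:03Z dns client=10.1.2.3 query=mk-autopflege.com",
    "2022-07-31T10:00:03Z dns client=10.1.2.3 query=szccf360.com",
    "2022-07-31T10:00:04Z proxy client=10.1.2.3 host=vapmoda.com path=/js3/ method=POST",
    "2022-07-31T10:00:05Z proxy client=10.1.2.3 host=vapmoda.com path=/index.html method=GET",
    "2022-07-31T10:00:06Z conn client=10.1.2.3 dst=203.0.113.5 dport=8123",
]

KV = re.compile(r"(\w+)=(\S+)")


def match_logs(lines, iocs=None):
    """Return a Hit for each line whose queried or contacted host is an IOC.

    A POST to /<campaign>/ on a Formbook host is annotated as a probable
    beacon (assumption from public Formbook analyses, not from this page);
    a NetWire hit on a dynamic-DNS host is annotated as such.
    """
    iocs = iocs or build_iocs()
    hits = []
    for line in lines:
        kv = dict(KV.findall(line))
        host = (kv.get("query") or kv.get("host") or "").lower()
        if host not in iocs:
            continue
        family, detail = iocs[host], host
        if (family == "formbook" and kv.get("method") == "POST"
                and kv.get("path") == f"/{FORMBOOK_CAMPAIGN}/"):
            detail = f"{host} (beacon path /{FORMBOOK_CAMPAIGN}/)"
        elif family == "netwire" and is_dynamic_dns(host):
            detail = f"{host} (dynamic DNS)"
        hits.append(Hit(line, family, detail))
    return hits


if __name__ == "__main__":
    for h in match_logs(SAMPLE_LOGS):
        print(f"[{h.family}] {h.detail}")
```

Run as a script it prints one line per hit. The DNS hits on several Formbook domains from one client within seconds are the pattern to look for, since the decoy traffic is generated alongside the real C2 contact; the port-only connection line is deliberately not matched, because a bare destination port is too weak an indicator to alert on.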
Targets
Target: 5dfcf6efcbb02b8c8f7621a5eb2ab6b9e7cb9f8eae8272e763c21847642ac3d2 (1.0MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures:
- NetWire RAT payload
- Formbook payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Loads dropped DLL