General
-
Target
SV38848934334.exe
-
Size
1.3MB
-
Sample
220803-ewybfsgbbm
-
MD5
2c9e24d3c041a463e8bb0d9d98606b21
-
SHA1
90a5098f8bf91b22b9688feeeb536ac1c0c7d4bb
-
SHA256
a1bc1aba176e99f0531b911a04d6c636ef21dab12d24026c672829d0c624e16e
-
SHA512
6fdf27ed733353d7cf81de4acdd3601859bbe47bbbeadaf0931bfd8c35ab6ebff237d1df8ce4d0f6b27457537a78cce3742e0d2b8c56e722e43c75af39a04e2a
Static task
static1
Behavioral task
behavioral1
Sample
SV38848934334.exe
Resource
win7-20220718-en
Malware Config
Extracted
netwire
xman2.duckdns.org:4433
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SV38848934334.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-