General
Target: SV38848934334.7z
Size: 877KB
Sample: 220803-kbvbyshah4
MD5: f77b620842bd1cbaf61adb1b85c6c31b
SHA1: da42cdb3d86820ff266984d8f45aa21e834f9f53
SHA256: f44f6fbfc891bec5aaece28be3e010289e8c067389863110a9ea493c175a342e
SHA512: b2da4277fecf70662f4c6e9be9bfb67aace35993ab5889569f027503e3522727763b77d8f23913e7013f3fce1bf002e7c390bbb91554a6b8947e76366e639308

Static task: static1
Behavioral task: behavioral1
Sample: SV38848934334.exe
Resource: win7-20220715-en

Malware Config
Extracted
netwire
xman2.duckdns.org:4433
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false

Targets
Target: SV38848934334.exe
Size: 1.3MB
MD5: 2c9e24d3c041a463e8bb0d9d98606b21
SHA1: 90a5098f8bf91b22b9688feeeb536ac1c0c7d4bb
SHA256: a1bc1aba176e99f0531b911a04d6c636ef21dab12d24026c672829d0c624e16e
SHA512: 6fdf27ed733353d7cf81de4acdd3601859bbe47bbbeadaf0931bfd8c35ab6ebff237d1df8ce4d0f6b27457537a78cce3742e0d2b8c56e722e43c75af39a04e2a

NetWire RAT payload
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Suspicious use of SetThreadContext