General
Target: Payment Receipt.exe
Size: 822KB
Sample: 220804-q79peaffa3
MD5: 85c078ec708786cf1bdb44465afd8eeb
SHA1: 528497fc0ab6bc410fb971e4558f56fb370036ea
SHA256: 59c95c7e7882d8eafd5314cda19c7fd39a25da55f7ea6109025693a17d5ec6f7
SHA512: 10c16726352536599c4cebbf570902e56d5886648be6fefe6a6a55ef73e3674f90c1199d691f47b813b86b78a55321c5bd96b99853bfb87606e22131ca40d45c
Static task: static1
Behavioral task: behavioral1
Sample: Payment Receipt.exe
Resource: win7-20220715-en
Malware Config
Extracted: netwire
- 185.140.53.61:3363
- 185.140.53.61:3365
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: move4ward
registry_autorun: false
use_mutex: false
Targets
Target: Payment Receipt.exe
- NetWire RAT payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext