General
- Target: a19b2cd3ea8c79684ba85dfe7167c5afa9a739cfceac75f79a9c0132ae0bc7b3
- Size: 949KB
- Sample: 220805-pfhk6sceh8
- MD5: b0e74647415c0edb08b82e65aa7edd27
- SHA1: f9a486d9918626c73c54af54a9d9e041b141559f
- SHA256: a19b2cd3ea8c79684ba85dfe7167c5afa9a739cfceac75f79a9c0132ae0bc7b3
- SHA512: 3f76cd80704cb32e5395b39b46095ab77da1883fe4110872419203f3127ed1af2580b11223cca6cd0c2ee719b0ea20f5208753cb2e98cc785ceb866859886385
Static task: static1
Behavioral task: behavioral1
- Sample: a19b2cd3ea8c79684ba85dfe7167c5afa9a739cfceac75f79a9c0132ae0bc7b3.exe
- Resource: win7-20220715-en
Malware Config
Extracted: netwire
- 185.140.53.61:3363
- 185.140.53.61:3365
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- offline_keylogger: true
- password: move4ward
- registry_autorun: false
- use_mutex: false
Targets
- Target: a19b2cd3ea8c79684ba85dfe7167c5afa9a739cfceac75f79a9c0132ae0bc7b3
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext