General
Target: 91f5a7d8b8ba508f8e6999e7ddb8e902
Size: 749KB
Sample: 220806-hwhsjsecg8
MD5: 91f5a7d8b8ba508f8e6999e7ddb8e902
SHA1: 3aae5bd6075319c5ff54279c3d5ebfd9ec8d4c59
SHA256: 30f0b1b4f04adbac7201528c1fa4a1e78f41e243b1da2332d57e662448282155
SHA512: 0391ee953d85455365c110a537ddcdb40d9060ba630329f6c10eb012e78af2d16426367c496a013fdca00d01b2c044768bca6a7a7e9002caaa8d95cbb950da27

Static task: static1

Behavioral task: behavioral1
Sample: 91f5a7d8b8ba508f8e6999e7ddb8e902.exe
Resource: win7-20220718-en

Malware Config
Extracted
netwire
37.0.14.206:3384
activex_autorun: false
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
offline_keylogger: true
password: Password234
registry_autorun: false
use_mutex: false

Targets
Target: 91f5a7d8b8ba508f8e6999e7ddb8e902
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext