General

Target: Payment confirmation receipt.exe
Size: 656KB
Sample: 220815-mqvmdahfep
MD5: 5bcabd87ebebbda71b4012952d329bb5
SHA1: c91200acf9e01b42663f68efde07c24bf4404f1f
SHA256: 6ace19befa598ac3913865abf5fea0eac3d66b77425a9700274094d58b50630f
SHA512: ca2c36d0a9cb1fcd2587072617d9081a67bcc5d291a55c9fdf84afa93f42031addf754606b0c8e0ddcd6703e3d50a50f9acc456fc38f49647270258cd0acb386

Static task: static1

Behavioral task: behavioral1
Sample: Payment confirmation receipt.exe
Resource: win7-20220812-en

Malware Config

Extracted: netwire
C2: 185.140.53.61:3363
C2: 185.140.53.61:3365
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: move4ward
registry_autorun: false
use_mutex: false

Targets

Target: Payment confirmation receipt.exe
Size: 656KB
MD5: 5bcabd87ebebbda71b4012952d329bb5
SHA1: c91200acf9e01b42663f68efde07c24bf4404f1f
SHA256: 6ace19befa598ac3913865abf5fea0eac3d66b77425a9700274094d58b50630f
SHA512: ca2c36d0a9cb1fcd2587072617d9081a67bcc5d291a55c9fdf84afa93f42031addf754606b0c8e0ddcd6703e3d50a50f9acc456fc38f49647270258cd0acb386

Signatures:
NetWire RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext