General

Target: Confirmation of payment.exe
Size: 653KB
Sample: 220816-hzc2gadhaq
MD5: 0a952acbb597a679e4c97d3309b6ecf9
SHA1: 33c074ec3f9975e08625d6c54d29365a9fa9d1b9
SHA256: 6ad8db92a404b43169c0a93eea5f957867b6c2b10067fbf081192d9c25c3687c
SHA512: 97cbe8e5366b01c2a83323605126919177de34a9ae9345f3fb7b7e4b31a0e787c7ec37aece0a1982a42eb1ecccabe2e2bbb0d82ff88fbede97bd03ef6aa74f7d
Static task: static1
Behavioral task: behavioral1
Sample: Confirmation of payment.exe
Resource: win7-20220812-en
Malware Config

Extracted family: netwire
C2: 185.140.53.61:3363
C2: 185.140.53.61:3365
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand% (victim identifier template; %Rand% is filled in at runtime)
keylogger_dir: %AppData%\Logs\ (directory the keylogger writes its logs to)
lock_executable: false
offline_keylogger: true (keystrokes are logged to disk even while no C2 session is active)
password: move4ward (NetWire connection password; the encryption of C2 traffic is keyed from it, so keep it with the sample if captured traffic needs decrypting)
registry_autorun: false
use_mutex: false

Note that copy_executable, registry_autorun and activex_autorun are all false, so this build as configured does not install persistence on its own; any persistence would have to come from whatever delivers it.
Targets

Target: Confirmation of payment.exe (hashes as listed under General)
Signature: NetWire RAT payload
Signature: Checks computer location settings. The sample reads the country code configured in the registry, likely as a geofence, so the locale configured on the sandbox or victim can decide whether the payload runs at all.
Signature: Suspicious use of SetThreadContext. Calling SetThreadContext on a suspended thread of another process is the usual final step of process hollowing or thread hijacking; together with the NetWire payload detection this is consistent with the 653KB file being a loader that unpacks the RAT in memory and injects it into another process. Expect the C2 traffic and keylogger writes to originate from that injected process rather than from Confirmation of payment.exe itself.
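The values in this report (C2 endpoints, file hashes, keylogger directory) are what an analyst would turn into a quick IOC sweep. The script below is an added example and is not part of the sandbox report: the IOC constants come from the report above, while the firewall log lines, the file bytes hashed and the %AppData% value are constructed for the demonstration. It hashes candidate file contents against the sample's digests, scans a constructed connection log for the C2 host (by exact IP:port from the config, or by IP alone since the operator can move listener ports without changing the address) and expands the configured keylogger directory to a concrete path to check on a host.

```python
"""IOC sweep for the NetWire sample in this report.

Added example, not part of the sandbox report. C2 endpoints, hashes and the
keylogger directory are taken from the report; the log lines, file bytes and
%AppData% value used below are constructed and are not observed data.
"""
import hashlib
import re
from typing import Iterable

# C2 endpoints from the extracted NetWire config.
C2_ENDPOINTS = {("185.140.53.61", 3363), ("185.140.53.61", 3365)}
C2_HOSTS = {ip for ip, _ in C2_ENDPOINTS}

# Digests of Confirmation of payment.exe as listed in the report.
SAMPLE_HASHES = {
    "md5": "0a952acbb597a679e4c97d3309b6ecf9",
    "sha1": "33c074ec3f9975e08625d6c54d29365a9fa9d1b9",
    "sha256": "6ad8db92a404b43169c0a93eea5f957867b6c2b10067fbf081192d9c25c3687c",
}

# keylogger_dir from the config, environment variable left unexpanded.
KEYLOGGER_DIR = "%AppData%\\Logs\\"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes, iocs: dict = SAMPLE_HASHES) -> bool:
    """True if any digest of data equals the corresponding IOC digest.

    Comparison is case-insensitive and one agreeing algorithm is enough, so a
    feed that only carries an MD5 still matches.
    """
    digests = hash_bytes(data)
    return any(digests[alg] == iocs[alg].lower() for alg in iocs if alg in digests)


# Constructed log format: "<ts> <action> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)


def find_c2_connections(lines: Iterable[str], strict: bool = False) -> list:
    """Return (ts, src, dst, dport) for every line that reaches the C2.

    strict=True flags only the exact IP:port pairs from the config;
    strict=False (default) also flags other ports on the same host.
    Lines that do not parse are skipped rather than reported.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in C2_ENDPOINTS or (not strict and dst in C2_HOSTS):
            hits.append((m["ts"], m["src"], dst, dport))
    return hits


def keylogger_path(appdata: str) -> str:
    """Expand the config's %AppData% placeholder to a concrete directory."""
    return KEYLOGGER_DIR.replace("%AppData%", appdata)


# Constructed connection log: two exact C2 hits, one unrelated host, one hit on
# the C2 host over a port not in the config, one unparsable line.
SAMPLE_LOG = [
    "2022-08-16T08:01:02Z ALLOW TCP 10.0.0.5:49812 -> 185.140.53.61:3363",
    "2022-08-16T08:01:03Z ALLOW TCP 10.0.0.5:49813 -> 93.184.216.34:443",
    "2022-08-16T08:02:10Z ALLOW TCP 10.0.0.7:50120 -> 185.140.53.61:3365",
    "2022-08-16T08:03:00Z ALLOW TCP 10.0.0.9:50333 -> 185.140.53.61:443",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 contact:", hit)
    print("strict hits:", len(find_c2_connections(SAMPLE_LOG, strict=True)))
    print("keylogger dir:", keylogger_path("C:\\Users\\alice\\AppData\\Roaming"))
    print("constructed bytes match sample:", matches_sample(b"not the sample"))
```

Running it non-strict reports three C2 contacts and strict reports two; the difference (10.0.0.9 talking to the C2 host on port 443) is exactly the kind of hit a port-bound indicator would miss. The keylogger directory should be checked on any host that contacted the C2, since offline_keylogger is true and the logs accumulate there whether or not a session was ever established.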