General
Target: INVOICE-INV02773773644.exe
Size: 771KB
Sample: 220816-mcbmcafffp
MD5: c7f8ca41f8a4d8ea868e20d1fa16a9a8
SHA1: 382b20d1f4b618f2faa98ecdbb1637c8de008901
SHA256: 3988ab9ab406d0c56b263571e8bbfed6a3f50529a2cb3be825f506acaf59716b
SHA512: c6f70a024651fa91d6d040bc937d27e27d7a09107db6054b99b78e593517e27a79402a84811e01d4fd5d1447638ea48c938dad6585d90fec95f4ca701b34e5b1
Static task: static1
Behavioral task: behavioral1
Sample: INVOICE-INV02773773644.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
xman2.duckdns.org:4433
xman2.duckdns.org:4411
xman2.duckdns.org:4422
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: INVOICE-INV02773773644.exe
NetWire RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
Suspicious use of SetThreadContext