General
Target: Payment Confirmation Receipt.exe
Size: 747KB
Sample: 220817-b4865scad8
MD5: 7b498a9b302d72bab8add1f7e1cc5650
SHA1: 95f4651fab460d596bcd04b81bd245f902e40e56
SHA256: e29897654f6d41445ee402a68379f5b87519d4c62528ee1267f65002672ebd26
SHA512: 277057675def0e73f85252bc3e43216d24f7fd4449f025c29166570533cd4c9180bfca87fa8e028764cb834b6ddc177a776de5adb6ea51be4df1afc0fe7a053d
SSDEEP: 12288:Wt5aV1ki3e+/Si7hOPQHn40KGOOx6rMYuo0v5SoalgaseEG8J:WtwVui3Oi7QPQYprMZv5ClCr

Static task: static1
Behavioral task: behavioral1
Sample: Payment Confirmation Receipt.exe
Resource: win7-20220812-en

Malware Config
Extracted: netwire
185.140.53.61:3363
185.140.53.61:3365
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: move4ward
registry_autorun: false
use_mutex: false
Targets
Target: Payment Confirmation Receipt.exe
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext