General
Target: INV90876.EXE
Size: 759KB
Sample: 220818-l6sbhsgaa6
MD5: 3b5e92e5880c828f9ad90929a3b6d5a1
SHA1: 8282c9cb22644b515da8b049cd288cd09a891aee
SHA256: 84530ed1bbd58c38b85fc93e447d14251cda335b3de5fe9216cf3386758cb0ee
SHA512: 3a333d5e3d56a3e885ebbeda98f56da45782ade9c07ed8da3bee7f109f8bc90e4ee6dd7977705ac4854ef92915ee09ffdf716d40ecb07d5e8d2dfe8958dff449
SSDEEP: 12288:/fZZ5m+JN9Wd11R/5PV6nTSscLn3NAqw0wJyFVOMzmm/td2jHC4m0EtPG:33Y+7yPojCdAD0SQVXmmlTP0Et
Static task
static1
Behavioral task
behavioral1
Sample
INV90876.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@9
registry_autorun: false
use_mutex: false
Targets
Target: INV90876.EXE
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-