General
Target: inv9087673.pdf.img
Size: 1.3MB
Sample: 220818-vekl2ahber
MD5: f2ea4858864201512635672312ff0711
SHA1: 8a41ead580805a284528e3a1e081e3b46a9439f7
SHA256: c30e0dc8c0a1e5c59786c5c5fa22a1e7fbffd7a590313397eb2d35a78cb6f666
SHA512: 91daba722efdb4338276da02189d6054a0d451ff704b12400e57eb00837d7713560bb179c5cc85023cced068fb1db5d132fbd753a0ebc4d0a1caf13984247f82
SSDEEP: 12288:EfZZ5m+JN9Wd11R/5PV6nTSscLn3NAqw0wJyFVOMzmm/td2jHC4m0EtPG:83Y+7yPojCdAD0SQVXmmlTP0Et
Static task: static1
Behavioral task: behavioral1
Sample: INV90876.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@9
registry_autorun: false
use_mutex: false
Targets
Target: INV90876.EXE
Size: 759KB
MD5: 3b5e92e5880c828f9ad90929a3b6d5a1
SHA1: 8282c9cb22644b515da8b049cd288cd09a891aee
SHA256: 84530ed1bbd58c38b85fc93e447d14251cda335b3de5fe9216cf3386758cb0ee
SHA512: 3a333d5e3d56a3e885ebbeda98f56da45782ade9c07ed8da3bee7f109f8bc90e4ee6dd7977705ac4854ef92915ee09ffdf716d40ecb07d5e8d2dfe8958dff449
SSDEEP: 12288:/fZZ5m+JN9Wd11R/5PV6nTSscLn3NAqw0wJyFVOMzmm/td2jHC4m0EtPG:33Y+7yPojCdAD0SQVXmmlTP0Et

NetWire RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext