General
-
Target
INVOICE00433.exe
-
Size
673KB
-
Sample
220819-h68rqaaahr
-
MD5
ba34224f638293815a97a3d4e7f5bc67
-
SHA1
c0dc327bd340eb447cb8e78603fa4dded8c152c9
-
SHA256
40374376894492fb4f8aa245a8197df99859e2f98b786c344f877813a1a3f224
-
SHA512
b410175eccc1dcfa5347b2e72d72c42b08c470095ac9716637973d6dbb0ebd78237a7bc8fba24ef516d2f3e6734449f9a3d8a530c1d54e81180f25ff0fd38403
-
SSDEEP
12288:WQ11R/5P16n+CIoB88dFMh2O0CB4OYUdrYvxoFGSjjFWxJS:LPI+CvlMoSB4YqOjqJS
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE00433.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@9
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
INVOICE00433.exe
-
Size
673KB
-
MD5
ba34224f638293815a97a3d4e7f5bc67
-
SHA1
c0dc327bd340eb447cb8e78603fa4dded8c152c9
-
SHA256
40374376894492fb4f8aa245a8197df99859e2f98b786c344f877813a1a3f224
-
SHA512
b410175eccc1dcfa5347b2e72d72c42b08c470095ac9716637973d6dbb0ebd78237a7bc8fba24ef516d2f3e6734449f9a3d8a530c1d54e81180f25ff0fd38403
-
SSDEEP
12288:WQ11R/5P16n+CIoB88dFMh2O0CB4OYUdrYvxoFGSjjFWxJS:LPI+CvlMoSB4YqOjqJS
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-