General
-
Target
IM202208.EXE
-
Size
727KB
-
Sample
220819-kyv7rsdhf5
-
MD5
c1ca174fbfc7936f8d9d0aad755f29cf
-
SHA1
16ad7f314c9c2742886523ac256fbb4a5f4bfdb0
-
SHA256
d08f75542680080f9d3393fc3bb0ced3c30335db5030c1f38a8d7a7aadb15794
-
SHA512
e2ff294837639043c1b24cfee2eae281284ac9a563ad5e8d31a8ce7538f60447cb747508021b98326a78923e99159109fc908c390a8f3d570d7d91b6d24fa280
-
SSDEEP
12288:YcmeuEHslgDaK6nyfAt1eDFZByVxc/Njaw7lTUnCPIvFWzkGI+3mSaEy2eeKA:YCuCMuw1eDV84Njaw7laCPIFDum+y2eN
Malware Config
Extracted
netwire
212.193.30.230:3363
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@2
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
IM202208.EXE
-
Size
727KB
-
MD5
c1ca174fbfc7936f8d9d0aad755f29cf
-
SHA1
16ad7f314c9c2742886523ac256fbb4a5f4bfdb0
-
SHA256
d08f75542680080f9d3393fc3bb0ced3c30335db5030c1f38a8d7a7aadb15794
-
SHA512
e2ff294837639043c1b24cfee2eae281284ac9a563ad5e8d31a8ce7538f60447cb747508021b98326a78923e99159109fc908c390a8f3d570d7d91b6d24fa280
-
SSDEEP
12288:YcmeuEHslgDaK6nyfAt1eDFZByVxc/Njaw7lTUnCPIvFWzkGI+3mSaEy2eeKA:YCuCMuw1eDV84Njaw7laCPIFDum+y2eN
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-