General
Target: IM202208198850.JPG.IMG
Size: 1.2MB
Sample: 220819-lm1hsaecg6
MD5: c5ba11a890e0666144d4ed080571323a
SHA1: 8a501f14a8c584f5eb90b919f3e6bc943efc7c98
SHA256: 5c61b30352d1b30b2dcb1a52b5180e11278e06c33e91bbb89b2c819e13358c27
SHA512: 0614e8f3baa890350e80c06466d555f4d90cd1ea5ad3c0faf37017536c5f236add36d206590d8743e799ff6eeb33d8a6a5d8ad7d17cf43a9ac62b9246c1f25a3
SSDEEP: 24576:GCuCMuw1eDV84Njaw7laCPIFDum+y2eN:qjenNL7lboOyt
Static task: static1
Behavioral task: behavioral1
Sample: IM202208.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3363
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@2
registry_autorun: false
use_mutex: false
Targets
Target: IM202208.EXE
Size: 727KB
MD5: c1ca174fbfc7936f8d9d0aad755f29cf
SHA1: 16ad7f314c9c2742886523ac256fbb4a5f4bfdb0
SHA256: d08f75542680080f9d3393fc3bb0ced3c30335db5030c1f38a8d7a7aadb15794
SHA512: e2ff294837639043c1b24cfee2eae281284ac9a563ad5e8d31a8ce7538f60447cb747508021b98326a78923e99159109fc908c390a8f3d570d7d91b6d24fa280
SSDEEP: 12288:YcmeuEHslgDaK6nyfAt1eDFZByVxc/Njaw7lTUnCPIvFWzkGI+3mSaEy2eeKA:YCuCMuw1eDV84Njaw7laCPIFDum+y2eN

NetWire RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext