General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.1417.25539
-
Size
578KB
-
Sample
220829-s9an7sbeeq
-
MD5
a3add136bad0055382516c28b2d98ed6
-
SHA1
bb218fb9cbb76d9c4e0f4d44f3745f3405957a02
-
SHA256
5d7b005b25fc4042bf4306cb81f0e332ff10a61ead6744d4dae14da8f08b7db5
-
SHA512
0c204063f19b2603ec8bff61547d17b14ae01329a4a587c53a37ba37c0aa9122d3fead68138f10ad18788aae00aec580122c7ddc54a3e10b012ab7f5284587a0
-
SSDEEP
12288:hc0FHAlmHX2zbro5A97xpbMlylSx1LHoY/dlBKr9:ZAlmHAgA9QLW
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetectNet.01.1417.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
37.0.14.206:3384
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
offline_keylogger
true
-
password
Password234
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.1417.25539
-
Size
578KB
-
MD5
a3add136bad0055382516c28b2d98ed6
-
SHA1
bb218fb9cbb76d9c4e0f4d44f3745f3405957a02
-
SHA256
5d7b005b25fc4042bf4306cb81f0e332ff10a61ead6744d4dae14da8f08b7db5
-
SHA512
0c204063f19b2603ec8bff61547d17b14ae01329a4a587c53a37ba37c0aa9122d3fead68138f10ad18788aae00aec580122c7ddc54a3e10b012ab7f5284587a0
-
SSDEEP
12288:hc0FHAlmHX2zbro5A97xpbMlylSx1LHoY/dlBKr9:ZAlmHAgA9QLW
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-