General
Target: SecuriteInfo.com.W32.AIDetectNet.01.11564.5379.exe
Size: 779KB
Sample: 220830-1ea1gsccd2
MD5: bec825008e3f4365a8a71961ba806f27
SHA1: a0f073d37901dd918af4e58f82a19e46479edc6b
SHA256: 9e31da664bede9c4709cdbf2ec6a791dadc490cd30a67a3d2bbae42c7e9318ed
SHA512: c251ee9de6053e57a0547f31b3469a6dc70619b6562c5345f3d76b8ffbc06b07c86749908f8eae1a7216a9c0c41eb1bbcc22318f6e5eefd6b1ee206c62be7526
SSDEEP: 12288:osUf0eH06SolylSx1XqVlSyH0f67ajvKVl94tu1UNPuEz4YTLvNcMb4IoR55KFe:Xg3uSyUi7Iq9Z1UpuRMPoR5E
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.W32.AIDetectNet.01.11564.5379.exe
  Resource: win7-20220812-en
Malware Config
Extracted family: netwire
C2: 37.0.14.206:3384
activex_autorun: false
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
offline_keylogger: true
password: Password234
registry_autorun: false
use_mutex: false
Reading the config: copy_executable is true and install_path is set, so the implant copies itself to %AppData%\Install\Host.exe (the original is kept, since delete_original is false); offline_keylogger is true, so keystroke logs are written under %AppData%\Logs\; both registry_autorun and activex_autorun are false, so this config does not set up Run-key or ActiveX persistence on its own. The C2 is a single hard-coded IP and port, 37.0.14.206:3384.
Targets
Target: SecuriteInfo.com.W32.AIDetectNet.01.11564.5379.exe (the same file as in General above)
Signatures
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext: together with the dropped EXE/DLL above this is the pattern of a loader writing an unpacked payload into another process and redirecting its thread (process hollowing or a similar injection), which is why the NetWire config could be extracted from a 779KB file.
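The config and signature block above map directly onto things a responder can hunt for. The Python helper below is an added example (not part of the sandbox report and not NetWire tooling): it splits the C2 into host and port, expands the config's install_path and keylogger_dir for a given user profile, and matches those indicators against endpoint telemetry. The profile path, the event schema and the sample events are all constructed, and using the HKCU\Control Panel\International\Geo\Nation value as the country-code lookup behind the "Checks computer location settings" signature is my assumption, not something the report states.

```python
"""Triage helper: derive host and network IOCs from the NetWire config
shown in this report and match them against endpoint telemetry.

Added example, not part of the sandbox report or the NetWire project.
Assumptions: the user profile path, the event schema and the telemetry
below (all constructed), and the Geo\\Nation registry value as the
location lookup behind the "Checks computer location settings" signature.
"""
import re

# Values copied from the report's Malware Config section.
NETWIRE_CONFIG = {
    "c2": "37.0.14.206:3384",
    "install_path": "%AppData%\\Install\\Host.exe",
    "keylogger_dir": "%AppData%\\Logs\\",
    "copy_executable": True,
    "offline_keylogger": True,
    "registry_autorun": False,
    "activex_autorun": False,
}
SAMPLE_SHA256 = "9e31da664bede9c4709cdbf2ec6a791dadc490cd30a67a3d2bbae42c7e9318ed"

# Assumed registry value consulted for the country-code/geofence check.
GEO_KEY = r"hkcu\control panel\international\geo\nation"


def expand_appdata(path, appdata):
    """Expand %AppData% as the implant would for one user profile.
    A callable replacement keeps re.sub from treating backslashes in the
    profile path as escape sequences."""
    return re.sub(r"%appdata%", lambda _m: appdata.rstrip("\\"), path,
                  flags=re.IGNORECASE)


def build_iocs(cfg, appdata="C:\\Users\\victim\\AppData\\Roaming"):
    """Return concrete indicators: the C2 socket and the on-disk paths the
    config makes the implant create (its own copy, the keylog directory)."""
    host, port = cfg["c2"].rsplit(":", 1)
    paths = []
    if cfg["copy_executable"]:
        paths.append(expand_appdata(cfg["install_path"], appdata).lower())
    if cfg["offline_keylogger"]:
        paths.append(expand_appdata(cfg["keylogger_dir"], appdata).lower())
    return {
        "c2_host": host,
        "c2_port": int(port),
        "paths": paths,
        # Both autorun flags are false in this config, so a Run key is not
        # expected; any persistence would have to come from elsewhere.
        "expect_run_key": cfg["registry_autorun"] or cfg["activex_autorun"],
    }


def match_events(events, iocs):
    """Tag every telemetry event that touches a config-derived IOC."""
    hits = []
    for ev in events:
        if ev["type"] == "netconn":
            if ev["dst"] == iocs["c2_host"] and ev["dport"] == iocs["c2_port"]:
                hits.append(("c2_connection", ev))
        elif ev["type"] in ("file_create", "process_start"):
            p = ev["path"].lower()
            # Prefix match: the keylogger_dir prefix ends in a backslash, so
            # a sibling directory such as Logs2\ does not match.
            if any(p.startswith(prefix) for prefix in iocs["paths"]):
                hits.append(("config_path", ev))
        elif ev["type"] == "reg_read" and ev["key"].lower() == GEO_KEY:
            hits.append(("geo_lookup", ev))
    return hits


# Constructed telemetry: five events from the implant (pids 1337/1338) and
# two benign ones (pid 400) that must not match.
SAMPLE_EVENTS = [
    {"type": "reg_read", "pid": 1337,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "pid": 1337,
     "path": r"C:\Users\victim\AppData\Roaming\Install\Host.exe"},
    {"type": "process_start", "pid": 1338,
     "path": r"C:\Users\victim\AppData\Roaming\Install\Host.exe"},
    {"type": "file_create", "pid": 1338,
     "path": r"C:\Users\victim\AppData\Roaming\Logs\keys.log"},
    {"type": "netconn", "pid": 1338, "dst": "37.0.14.206", "dport": 3384},
    {"type": "netconn", "pid": 400, "dst": "93.184.216.34", "dport": 443},
    {"type": "file_create", "pid": 400,
     "path": r"C:\Users\victim\AppData\Roaming\Logs2\notes.txt"},
]

if __name__ == "__main__":
    for reason, ev in match_events(SAMPLE_EVENTS, build_iocs(NETWIRE_CONFIG)):
        print(f"{reason:15} pid={ev['pid']} {ev}")
```

Feed it real EDR or Sysmon events mapped to the same four fields and swap the profile path per user; the SHA256 constant is there so the same script can also confirm a recovered Host.exe is this sample rather than a later build with a different config.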