General
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.16866.2650.exe
-
Size
651KB
-
Sample
220830-jd4sqsdgbj
-
MD5
bf359b85ecb0f00dfb99f763f619f133
-
SHA1
89b759b81d7a7d8f3d88368df9059828116cd424
-
SHA256
791667a955fb3cb2833edfc35880b557cf53f9ecba41ac96172606b934e982ba
-
SHA512
83222b1fa70e7465d920c55dc5b730539ad6e693eedd08cb593f8f16402c115f476f640b191e4dde19184812b5f01c0acfd05b8b9eebeb59b785be6d47ab997f
-
SSDEEP
12288:z+0F75eai9jVBcaZaO4dZM9SNpLuuRmzODbY3Dv8Z62OMBVPM3HftGXS2E2/:zVZ5piJTC7NU+A2bYTv8U6DPmmSp
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.AIDetectNet.01.16866.2650.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@9
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.16866.2650.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-