General
Target: SecuriteInfo.com.W32.AIDetectNet.01.19584.32625.exe
Size: 654KB
Sample: 220830-jd4sqsdgbk
MD5: a17902e9a7c106b2458af41fd95f24dd
SHA1: c26e7c7e02c26855794b35d6a129c1f4d947b456
SHA256: ff522148c553515ff4fcec77ffa6e2140c1c8faae3006133f5b82a0f1b8019dd
SHA512: 2eee0677b074e941f2de9d8a1f87705c49d95669f063f94a054461e54eb1f1543bf5a298088277666b5ce3e7497ef523286155c143d9da21770ede845bc7c3be
SSDEEP: 12288:wLW0F75eKie0l5S1XE4DR/RtgGAL9Tq6EujC7YBHuyvo12aSvPCZm08WKBZU2/:wNZ5Tif5ODRZtYBlE0wSH2gaEqs9WKrU
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.19584.32625.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3363
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@2
registry_autorun: false
use_mutex: false
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetectNet.01.19584.32625.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-