General
Target: SecuriteInfo.com.Trojan.PackedNET.1427.20605.24340.exe
Size: 653KB
Sample: 220830-m59d3sfhep
MD5: e6354d7d1bb7ce300f6624464cd74c22
SHA1: d32564686a86133276dd99ac609f82b7fc52f181
SHA256: beb979ea6eb528afbb51885caa428ddfda08172e26bcb1671296b40036ca9ff6
SHA512: 8a0033028afb8c1a87fcdb82bf4de68f834897e61e3520e5e23994941f9c50f844b4fe189a4ad26bac8b8ef23adf6d5872b97d562a64734019d4d49fc0956f93
SSDEEP: 12288:ckN0F75eW2G+BKIsba+OUQgvP9asWTASrAqUIaKk1wFWOy7BEfQe931:D2Z5V5+Iha+ua9a3TASrAg6JtEfz
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.PackedNET.1427.20605.24340.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@9
registry_autorun: false
use_mutex: false
Targets
-
-
Target
SecuriteInfo.com.Trojan.PackedNET.1427.20605.24340.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-