General
Target: SecuriteInfo.com.W32.AIDetectNet.01.10591.8832.exe
Size: 747KB
Sample: 220830-pgln8agfhl
MD5: b29d638c6a95f694c8310297d7ac64ac
SHA1: ec8b0482dc73f20c05e4b8f41150467f2633abff
SHA256: dea08975e4dfcf09c0a223ce08f787cfc0eeaba0ac6f692b3f4c10b7d1cce5d6
SHA512: a43f3c282c34d261b3563f7106faeb41d218f4e2bd08109de480e79f7751988dc25573a169919dea738f11974b36f6cff09af1c373aa937c74ae60bfdf33692f
SSDEEP: 12288:Nnuq00F75eq2a+ypPL2pcznVCPKhma8yMuj5fd+MZMaGwqnP8oi+Aw5sDxmQNe4:FXZ5B7ZtzVeKhm1yZj5FNE
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.10591.8832.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@9
registry_autorun: false
use_mutex: false
Targets
NetWire RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext