General
- Target: specification.exe
- Size: 685KB
- Sample: 220901-1ysdwabggm
- MD5: c49a2b3b582e9d721242cc22ae03cde8
- SHA1: 162962b316fe33c3010fc132aa7445cf64c0f3e6
- SHA256: 7d2c29a6da3884f8875d1135b995051c56eac4ed5244a609d1ab947981a75eff
- SHA512: 0d7d13a790f34aeeafb6dad7d853d43494b24d0f8233a41d6dc00e125e12cea87c1a889ad0eccfbed1dfb6ed181be24f7e5cf7215538301e6cb9b52cb6e248cb
- SSDEEP: 12288:HcXLYb0hy4fo0CD2quKT5qVMfJQ13E8/lgrhhHWqLlylSx1:8X8Eyyo0a8q8mthtj
Static task: static1
Behavioral task: behavioral1
- Sample: specification.exe
- Resource: win7-20220812-en
Malware Config
Extracted: netwire
- 37.0.14.206:3384
- activex_autorun: false
- copy_executable: true
- delete_original: false
- host_id: HostId-%Rand%
- install_path: %AppData%\Install\Host.exe
- keylogger_dir: %AppData%\Logs\
- lock_executable: true
- offline_keylogger: true
- password: Password234
- registry_autorun: false
- use_mutex: false
Targets
- Target: specification.exe
- Size: 685KB
- MD5: c49a2b3b582e9d721242cc22ae03cde8
- SHA1: 162962b316fe33c3010fc132aa7445cf64c0f3e6
- SHA256: 7d2c29a6da3884f8875d1135b995051c56eac4ed5244a609d1ab947981a75eff
- SHA512: 0d7d13a790f34aeeafb6dad7d853d43494b24d0f8233a41d6dc00e125e12cea87c1a889ad0eccfbed1dfb6ed181be24f7e5cf7215538301e6cb9b52cb6e248cb
- SSDEEP: 12288:HcXLYb0hy4fo0CD2quKT5qVMfJQ13E8/lgrhhHWqLlylSx1:8X8Eyyo0a8q8mthtj
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext