General
Target: F02EVEOU.EXE.exe
Size: 941KB
Sample: 220901-leq95sded7
MD5: bdac02fde5e13cb5c08b10df39cfe445
SHA1: 85f0703fd663c0fb491cfb71ebe5609f78312a73
SHA256: 9e90590b4333c2a963369cabf3c7671037039829c6d42a51f824356e621dff86
SHA512: 2df6aa5c62078bd3b66300b380ee639c1736eabba9a7c4386ac0db5494e771fccd607d8dc899a2a0737ad09eeb94350a8b37f6836e8cc803218679888f80a804
SSDEEP: 24576:ZZ5+XY+mzo3bvrn23nt+uK6ogSOY2OKP1:D5YlmzMjcocoOYR
Static task: static1
Behavioral task: behavioral1
Sample: F02EVEOU.EXE.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@9
registry_autorun: false
use_mutex: false
Targets
Target: F02EVEOU.EXE.exe

NetWire RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext