General
Target: 33bb710085124d925edff2facd3e6337
Size: 43KB
Sample: 220901-zqdebabadn
MD5: 33bb710085124d925edff2facd3e6337
SHA1: 3d68e635ea24a681ae8008cc89003f456a5c1405
SHA256: f4942fe305063eff957d16d263ab9537f955e3e430dd4d09daaa654db4430243
SHA512: 0d281a0a3043b2846b8300668eb961d18325dc95cf349197c5dc22dd9b1762a7e00c46cebe20b51eead7ddb356936709ab9051a019d782def24604a866120813
SSDEEP: 768:CfX+vQn2cM+2m0i2CTrW3vIPI+aVfdq8+lC7wgqUH+mEypOCnxEuk:6aWM+nTbPIVg857wr6+mE/GWuk
Static task: static1
Behavioral task: behavioral1
Sample: 493839_20493_rfq_0932_po.pdf.exe
Resource: win7-20220812-en
Malware Config
Extracted: netwire
bigman2021.duckdns.org:3303
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: 493839_20493_rfq_0932_po.pdf.exe
Size: 230KB
MD5: c3202d6e32b6bed3c6ba49aaed96010b
SHA1: 60f4117f39cffcd87e942774203164df290b89b3
SHA256: 1ca38da4e968230b701efc2d415e3710ba7c82b60d6df13854b157d08eccd3d3
SHA512: d8feb7f1bf1db8a153f1577cf70f70b9b62520a1e84b673341c60633f0f9030182c4958999260b907d15e890def6c7359b775f5a031444bd2817b91ea55b09ae
SSDEEP: 3072:LT/T7gqPHIvuvHQFpaIYkKEPIFJzE17vtf:f5VHsaIYkb
NetWire RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext