General
Target: Hesaphareketi-01.exe
Size: 89KB
Sample: 220905-pf13hsggcj
MD5: bad42e908830728792ab8e29baa24cba
SHA1: 598ebd86fc494867f023fe72ccdfe11ad307bfed
SHA256: e16665207a7040752753e23815225e18aef8811a12bcef662f17bda9956ef076
SHA512: 088c861d5ff2b3abbbc415879e860d066efd95b42cb003195dd2bbf8c4b5aeac880ce87462e9b7b36ff98c177dcb22e91854fa2958bdede986a5cf30775c22d1
SSDEEP: 384:KAe/O7/HyORHvJduRKo6nCo7DYfmWTnLDBJNTmpGEq53K/VJADpbKxYC5nBJf13g:cOjSOdRduRKvnCo7DYfmWzHMpVJTXo
Static task: static1
Behavioral task: behavioral1
  Sample: Hesaphareketi-01.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Hesaphareketi-01.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: netwire
bigman2021.duckdns.org:3303
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
- NetWire RAT payload
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext