General
Target: SecuriteInfo.com.Win32.PWSX-gen.9061.exe
Size: 666KB
Sample: 220906-s9blhacfcm
MD5: bbd4d6df4dd680a7253bf7343292225e
SHA1: 1b0dc36d3de872c4096b5a3bd93ef063fcf50ecb
SHA256: fdf3f859ee5b8be0d6cda53c88e94d6b75b676e055102b828fc8106826f446ce
SHA512: 62881bb38c200dac57dfdbace7f7a3538ddf52f9c231d8afb3c92a4e7bfb69438a71174b1806687f01ed9a8136ae8e72e72e55b353ea36f4e1da40e9dc61a974
SSDEEP: 12288:ibPil1JMpnl5GNFBxFLHHR0YrJWlylSx16FBzrAjmlyN+dq5ejjhLWfY:ib6lH6vOFBxFTdE
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.9061.exe
Resource: win7-20220901-en
Malware Config
Extracted
Family: netwire
C2: 37.0.14.206:3384
activex_autorun: false
copy_executable: true
delete_original: false
host_id: HostId-%Rand%
install_path: %AppData%\Install\Host.exe
keylogger_dir: %AppData%\Logs\
lock_executable: true
offline_keylogger: true
password: Password234
registry_autorun: false
use_mutex: false
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.9061.exe
Size: 666KB
MD5: bbd4d6df4dd680a7253bf7343292225e
SHA1: 1b0dc36d3de872c4096b5a3bd93ef063fcf50ecb
SHA256: fdf3f859ee5b8be0d6cda53c88e94d6b75b676e055102b828fc8106826f446ce
SHA512: 62881bb38c200dac57dfdbace7f7a3538ddf52f9c231d8afb3c92a4e7bfb69438a71174b1806687f01ed9a8136ae8e72e72e55b353ea36f4e1da40e9dc61a974
SSDEEP: 12288:ibPil1JMpnl5GNFBxFLHHR0YrJWlylSx16FBzrAjmlyN+dq5ejjhLWfY:ib6lH6vOFBxFTdE
Signatures:
- NetWire RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Suspicious use of SetThreadContext