General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.7758.exe
-
Size
1.1MB
-
Sample
220908-gak54sbaej
-
MD5
4e496fc0893b49457ba20b10159be839
-
SHA1
3751e830bd0d6caa7aaeaa8150af1dd998487998
-
SHA256
3c63068f0ff7610cbe73267e9d3c8a4adc977c9fae26f39808d2880f9c79e204
-
SHA512
718e40a4f9b41b5e91b91e9a83fe388e88f881a62d20a7b462fd67e96ef60e2dbc18384082f73159b2f297b11c1a0e8b05468879ffed9fefc4f21a40d3f2bdf2
-
SSDEEP
12288:+kNjm5x1NHuimzrpz0fx0UqHLFTDaa1MXTS2CcSvOqt9s1q6pDD63Cm:+kxm5Iimzrpz0fMTDaa1MXTZCl7t9
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.7758.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3345
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password@9
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.7758.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-