General
- Target: Bestellnummer PO2732559-022.pdf (742 KB).exe
- Size: 1.2MB
- Sample: 220908-pll6jsbgbj
- MD5: 060aeb48ec196f567a4a35ac61192c3c
- SHA1: 9f64e0730f31f1c110b5f975a17dd09fda809e11
- SHA256: 2dad351121415ba79882fa8576277f4c863a51cb6aafb9fd2789e7204ba7b0b3
- SHA512: f10c896c46d556d0d8c289065049c2b7b48fff551f0ccfdc3dfc09a4145efcebb02ec475fb876e6a1016ba15d6a628870641c07718ab9be864296583ea6c9dc3
- SSDEEP: 24576:1dse92mPFe/Eh+ZpsNZ1rNgYsYMiPVc2JInI7ynT0:/A8rNgYsYM92Gm6
Static task
- static1
Behavioral task
- behavioral1
- Sample: Bestellnummer PO2732559-022.pdf (742 KB).exe
- Resource: win7-20220901-en
Malware Config
Extracted
- netwire
- podzeye2.duckdns.org:4433
- podzeye2.duckdns.org:4411
- podzeye2.duckdns.org:4422
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- lock_executable: false
- offline_keylogger: false
- password: Password
- registry_autorun: false
- use_mutex: false
Targets
- Target: Bestellnummer PO2732559-022.pdf (742 KB).exe
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext