General
Target: Annerkenntniserklärung.exe
Size: 1.1MB
Sample: 220915-ja8mhsccc4
MD5: a9340d3caeb2d458f51bcdcc35f40e4f
SHA1: 56ffc6171db6c045f3db84689ec61f05df842899
SHA256: 8b86424f0ef6817bcb0ce07545ae7fd2c808d02346ee0e3d602115d791d6993b
SHA512: 8a88c3c6ebf472a529bd3326a080c9d4d2d53de65ccd0fa48c99bbf7dc618d36c759381da6b66892a511c1f81081ffe13d44d4a3f99a6df0d7b7d8ab0177a86c
SSDEEP: 24576:wshKd32Jzh68PfS0ECCnHqXdzzI4zlv44tJ:1U2xh6aS0EHHqXRzI4zh44t
Static task: static1
Behavioral task: behavioral1
Sample: Annerkenntniserklärung.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
podzeye2.duckdns.org:4433
podzeye2.duckdns.org:4411
podzeye2.duckdns.org:4422
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
-
-
Target
Annerkenntniserklärung.exe
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-