General

Target: SecuriteInfo.com.Win32.PWSX-gen.13123.exe
Size: 897KB
Sample: 220919-gekp5safd9
MD5: 8f0455d51130bf17f17e66b57efb722f
SHA1: ea74f9e0c869e62cb349bb92b830ea171fe6caf9
SHA256: aa109160a7bf36d319dd778b009ccb6db1a506c5a0eebd87fa6628e9313496c5
SHA512: ba9e6c954848b8a9bd763f567c0fceb2b13da94047a79d0894a9b0431fcb3bde905b88f64e614c6a231c7ebfc09f03e8003b425f26975628129609c1c885c22b
SSDEEP: 12288:Mfa0Kkm88qbIFM/t+fBF117PUspayEt31F+V65q63JYZJT:+rKMoJF1178U23L+V65hOZB
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.13123.exe
  Resource: win7-20220812-en
Malware Config

Extracted family: netwire
C2: podzeye2.duckdns.org:4411
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets

Target: SecuriteInfo.com.Win32.PWSX-gen.13123.exe
Signatures:
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext