Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Payment confirmation.exe
-
Size
794KB
-
Sample
220920-jh4njafhdm
-
MD5
d2e1541ec3a29b282d6b0695f4d223af
-
SHA1
31e6d8ebcfb269cb6ec3422439633bc14eb22ea6
-
SHA256
a2a0a4b91cbcf08126c70586521d2e7a0d6cf744058c314ffced7bdce97a40a1
-
SHA512
86844a6d7f84b1852873f5eec28ce7b60e2d381d83b4bb25052593adfa6e5f1d1b35d6df2e4bf949f570a86b9905ac34c45fc27680e0869ee7b24c6351f0fa8f
-
SSDEEP
12288:U91Rix5fEFksZMpJqB61ap5a0kAh8ZwQmiiyqADqjJ5n:UifEFkfJoi0k4E7mkMjr
Static task
static1
Behavioral task
behavioral1
Sample
Payment confirmation.exe
Resource
win7-20220901-en
Malware Config
Extracted
netwire
37.0.14.214:3346
37.0.14.214:4478
37.0.14.214:3469
37.0.14.214:3565
-
activex_autorun
false
-
copy_executable
true
-
delete_original
false
-
host_id
HostId-%Rand%
-
install_path
%AppData%\Install\Host.exe
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
true
-
offline_keylogger
true
-
password
move4ward
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
Payment confirmation.exe
-
Size
794KB
-
MD5
d2e1541ec3a29b282d6b0695f4d223af
-
SHA1
31e6d8ebcfb269cb6ec3422439633bc14eb22ea6
-
SHA256
a2a0a4b91cbcf08126c70586521d2e7a0d6cf744058c314ffced7bdce97a40a1
-
SHA512
86844a6d7f84b1852873f5eec28ce7b60e2d381d83b4bb25052593adfa6e5f1d1b35d6df2e4bf949f570a86b9905ac34c45fc27680e0869ee7b24c6351f0fa8f
-
SSDEEP
12288:U91Rix5fEFksZMpJqB61ap5a0kAh8ZwQmiiyqADqjJ5n:UifEFkfJoi0k4E7mkMjr
-
NetWire RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-