General
-
Target
R038829939-3288.exe
-
Size
1.0MB
-
Sample
221024-h683gsfchl
-
MD5
690a381d9e34389a101cc26042eb01d9
-
SHA1
20cbdf652baa00adc83670d907b14724445da0f2
-
SHA256
09fe7735f742e003ace00c9884b1eb6d55c719735a1fcd207ac985ce746b008a
-
SHA512
4d101dbd26245e9365bc8a92a4feaa122811468643b8dc9ec6bdc2dc0e53469e37bbba0912ba45071c105f01af44e3959985a56309476fdbec8c1933d9c12b52
-
SSDEEP
24576:7kr1gzNc71ZGytgGTpd0FUDJr3HbZMOBr:Qr+aRn0FUd73
Static task
static1
Behavioral task
behavioral1
Sample
R038829939-3288.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
podzeye2.duckdns.org:4433
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
lock_executable
false
-
offline_keylogger
false
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
R038829939-3288.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-