General
Target: AW7938730028-10-24-22.exe
Size: 1.0MB
Sample: 221024-sj92dahdc5
MD5: 839197eee0260468564f9d9b495925ee
SHA1: 071635cb3bf7e3366a18222ae2f505167be50d78
SHA256: 98949b9cd7eb063eb4a2970136d3483b29891bd8c1c2ec6104e45b76f838ddf9
SHA512: d703f04cd774dc747580f1994c0d531ae82c9d9013b025b60abcd4fb849ec6dda62f721eabb5dbc904f18e4a857c347aa302083999ae9edb85d26a153488f4e2
SSDEEP: 12288:UKOwdd/jJVGhZzg9fP8tdyvUFAF73b3rFguY8:UKXdrL+yvUiF7L35f
Static task: static1
Behavioral task: behavioral1
Sample: AW7938730028-10-24-22.exe
Resource: win7-20220812-en
Malware Config (Extracted)
netwire
podzeye2.duckdns.org:4411
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
lock_executable: false
offline_keylogger: false
password: Password
registry_autorun: false
use_mutex: false
Targets
Target: AW7938730028-10-24-22.exe (size and hashes identical to those listed under General)
NetWire RAT payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext