General
-
Target
344ef31452df3e0c965b58f6db0c11a6.exe
-
Size
750KB
-
Sample
221101-hjmwqshhfq
-
MD5
344ef31452df3e0c965b58f6db0c11a6
-
SHA1
74b3cd8bcaaaba8b587766c52577a2b7403c4055
-
SHA256
bc0a8e730ebbe66a98f6aa755671661158a982983898e45d306f79ec608250fe
-
SHA512
0750eb8b33d39b575e4be582484f98d846b2c47812fbc45ef12d2683ed3e3864284c4d3bc56ea2db0eea509b9628d81a8e442a8fa64caa708c9203fac7bce5e5
-
SSDEEP
12288:c5QEPzaWzvEz2tPQlShdMW3LXMdy9pLnEyL:ctcYgMdTnEyL
Static task
static1
Behavioral task
behavioral1
Sample
344ef31452df3e0c965b58f6db0c11a6.exe
Resource
win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3363
212.193.30.230:3362
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Cantbeme@1
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
344ef31452df3e0c965b58f6db0c11a6.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-