General
-
Target
QPwk4Ce4nVKKJQn.exe
-
Size
695KB
-
Sample
221101-hqcpcahah4
-
MD5
d36407b9ed921fc741470dd033b316c9
-
SHA1
a7ac1ce53c2387d2bf05cf4e306f8bf95001e4f9
-
SHA256
1f8b6ebc0fbdb35c0b214652b69360c8dd78b569c9af9c1b355dd11f277624e2
-
SHA512
bb4e1f17a50b102497a09e77038d5201494317109ff91afc34ac4f35671161418e09e907624507ef72c1054e5bbd6934253fcf2c7c1f109c27fd469efc6fec77
-
SSDEEP
12288:jJwhuJLeujoAwiNXh+xQeLLr2TtQ0uSvUtuyXW3GOxq8eEQvhzps7:jKuJL/oAwUh+xLLr45vUg4y9qz7s7
Static task
static1
Behavioral task
behavioral1
Sample
QPwk4Ce4nVKKJQn.exe
Resource
win7-20220901-en
Malware Config
Extracted
netwire
212.193.30.230:3367
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Telkomsa@1980
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
QPwk4Ce4nVKKJQn.exe
-
Size
695KB
-
MD5
d36407b9ed921fc741470dd033b316c9
-
SHA1
a7ac1ce53c2387d2bf05cf4e306f8bf95001e4f9
-
SHA256
1f8b6ebc0fbdb35c0b214652b69360c8dd78b569c9af9c1b355dd11f277624e2
-
SHA512
bb4e1f17a50b102497a09e77038d5201494317109ff91afc34ac4f35671161418e09e907624507ef72c1054e5bbd6934253fcf2c7c1f109c27fd469efc6fec77
-
SSDEEP
12288:jJwhuJLeujoAwiNXh+xQeLLr2TtQ0uSvUtuyXW3GOxq8eEQvhzps7:jKuJL/oAwUh+xLLr45vUg4y9qz7s7
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-