General
Target: 0d15afbcf9f4e2e70fa6887d2b320f17.exe
Size: 978KB
Sample: 221103-rkkbnsdddn
MD5: 0d15afbcf9f4e2e70fa6887d2b320f17
SHA1: 8146da1a869bb33bb3f2b3914847fddd92bbca3b
SHA256: f6226702ec3ded25ec5e0d7d1cbaae386540e990857ec7604ec93284113b4897
SHA512: c04de05765838d577eead19f58adb68ab78d5ed18e039d565973b5b40795402f111cccd4bbb4b6f5af87e5034f65a4cf8c4cfdd7d414fe694f99186ebf9ed2e2
SSDEEP: 12288:w4AkhkQNBrZsuLRuX+Ve8sXrq0C2zwf4J7czloZDo6OR+Z3S+:XGMJZsuNM+VepXrq0CRiDopS
Static task: static1
Behavioral task: behavioral1
Sample: 0d15afbcf9f4e2e70fa6887d2b320f17.exe
Resource: win7-20220812-en
Malware Config
Extracted
netwire
212.193.30.230:3363
212.193.30.230:3362
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Cantbeme@1
registry_autorun: false
use_mutex: false
Targets
Target: 0d15afbcf9f4e2e70fa6887d2b320f17.exe
-
NetWire RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext