General
Target: 6dfaae50e7e5e48997d3cd80e1355627.exe
Size: 784KB
Sample: 221109-h1jweaefc9
MD5: 6dfaae50e7e5e48997d3cd80e1355627
SHA1: b6a2438f5f7543ed0733c620d9caa7f8fd0c8a39
SHA256: b0355698b9cac14e82f75a7b8cc8f49cfcf02e559f5122095cb7156eb44a0143
SHA512: 1269a14448dfcb3c0b73ea4b96895ff5285388c31013c67cc9132fc3045507dff04f924afad92b44bdf78b8ddf13b450edd41e2671ba79484a859a0a710b66bf
SSDEEP: 12288:vdFxQiJc0s+oRKrsY4jOfSK9f27k99jVX70oLZkg1YnZmSaCzLn0ZE4kri19X9:v9y0YKrajySK9ftPhX7DLZf6XLMkrYX
Static task: static1
Behavioral task: behavioral1
Sample: 6dfaae50e7e5e48997d3cd80e1355627.exe
Resource: win7-20220901-en
Malware Config
Extracted
netwire
212.193.30.230:3363
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: Password@2
registry_autorun: false
use_mutex: false
Targets
-
-
Target
6dfaae50e7e5e48997d3cd80e1355627.exe
-
NetWire RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-